Cover V09, I07


Questions and Answers

Jim McKinstry

 Q I'm running Solaris 2.7, and I'd like to kill all processes that a certain user is running. How do I do that?

 A Check out pkill. It provides a very simple way to kill all processes running under a given user:

pkill -9 -u <user name>
Or, you can kill all processes except those running by a given user:

pkill -9 -v -u <user name>
pkill also allows you to kill all processes of a given name. For example, to kill all of the “top” processes run:

pkill -9 top
Another cool command is pgrep. pgrep returns the process ID of a process name. For example:

pgrep netscape
may return:
This is pretty much the same as:

ps -ef | grep netscape | grep -v grep
Note that the pgrep and pkill commands are faster than the similar ps | grep pipe because they use the proc file system directly.

 Q Which operating system is better for an application that requires a high I/O rate, Windows NT or Linux?

 A The I/O structure for Linux is very streamlined compared to the Windows NT I/O subsystem. It is not uncommon to see I/O performance four times faster on a Linux system. Since Linux and NT systems are so cheap, I suggest setting up a test system with Linux and running some I/O benchmarks that mimic your production system. Print out the results, then install NT on the same system and re-run the benchmarks. Choose whichever system performed best for you. Here are some good benchmark tools you could use. Not all of these will work on NT and Linux:

  • IOzone II (Probably your best bet) -- From the IOZone Web site ( “IOzone is a file system benchmark tool. The benchmark generates and measures a variety of file operations. Iozone has been ported to many machines and runs under many operating systems. Iozone is useful for performing a broad file system analysis of a vendor's computer platform.”
  • IOGEN/NTIOGEN -- Written by Symbios Logic. NTIOGEN is the NT port of UNIX benchmark program IOGEN. The program will output the number of processes, the average response time, the number of I/O operations per second, and the number of KB per second.
  • Bonnie -- Considered one of the best UNIX benchmarks available. It can be compiled under different UNIX flavors. I am not aware of an NT port.
  • IOstone -- IOstone is a multi-platform disk, file I/O, and buffer cache efficiencies benchmark program. This benchmark was originally created for UNIX and later ported to OS/2 and DOS.
  • Disktest -- Disktest allows any direct access device (and some sequential devices) to be tested while UNIX is still available to other users. Be careful to make the device that is to be tested unavailable to other system users.
  • IOBENCH -- Excellent I/O throughput and fixed workload benchmark for UNIX.
  • IOCALL -- IOCALL measures OS performance (in fact that is nearly all it measures). It also concentrates on system call interface efficiency, and especially read() system call performance, the most-used system call on most systems. IOCALL is intended for UNIX systems only.
  • RawIO -- Low-level raw device benchmarking program written by Greg Lehey, author of the book The Complete FreeBSD. This benchmark will only compile under BSD as it uses BSD specific mmap() call. Also being ported to Linux.
  • RAIDmark -- One of the only benchmarks that was specifically created to measure the performance of RAID arrays. RAIDmark benchmarking program by DynaTek Automation Systems Inc., measures cache size, system overhead, and application-level performance.
  • Qbench -- This is the DOS hard-disk benchmark from Quantum Corporation that measures data access time and data transfer rate. A nice benchmark for quick results.
  • COREtest -- DOS-based disk benchmarking program.
  • PostMark -- This is a benchmark to measure performance of email, netnews, and e-commerce classes of applications. PostMark was created to simulate heavy small-filesystem loads with a minimal amount of software and configuration effort.
  • Nbench -- A benchmark for Windows NT. Nbench reports the following components of performance:
    • CPU speed -- Integer and floating operations/sec
    • L1 and L2 cache speeds -- MB/sec
    • Main memory speed -- MB/sec
    • Disk read and write speeds -- MB/sec

SMP systems and multi-tasking OS efficiency can be tested using up to 20 separate threads of execution.

  • IOmeter -- Benchmark was written by Intel. IOMETER is a disk I/O subsystem measurement and characterization tool for single and clustered systems.
  • HD Tach -- HD Tach is a physical performance hard drive test for Windows 95/98 and Windows NT. In Windows 95/98, it uses a special kernel mode VXD to get maximum accuracy by bypassing the file system. A similar mechanism is used in Windows NT. HD Tach reads from areas all over the hard drive and reports an average speed. It also logs the read speeds to a text file that you can load into a spreadsheet and graph to display the results of the test.

 Q I hear the terms NAS and SAN thrown around a lot. What are they and what are they good for? We are about to implement a database project and I was thinking of setting up NAS for it.

 A Traditionally, NAS (network-attached storage) has referred to shared storage, attached to a LAN, accessible to a variety of operating-system platforms and servers through the use of high-level protocols such as NFS or CIFS. The beauty of NAS is that it is not “owned” by a single server but is equally available to all. NAS is great for sharing data that does not need high-speed I/O (man pages, print files, email, home directories, etc.). NAS is traditionally not used for database applications. Databases need fast access to their data. NAS has a lot of overhead. For example, if a user needs to access data that is NFS mounted, the request goes to the local NFS client. NFS then has to send the request down the TCP/IP stack, over the network, up the TCP/IP stack on the server side to the NFS server, which then sends the data back -- tons of overhead. SAN (Storage Area Network) is a high-speed network (Fibre channel) dedicated for storage. Current standards support 100-MB transfer rates. Servers attached to a SAN see the storage as if it were directly attached to the server. Since the server sees the SAN storage as directly attached, all requests are made at the filesystem level. There is no network protocol involved. In fact, SAN storage can be accessed through raw devices as well, providing optimal throughput. Implementing a SAN is a great way to set up a database. A properly implemented SAN allows for easy expansion, centralized management, LAN-free (and soon to be server-free) backups, etc.

You may think that instead of moving to a SAN, you can just upgrade the LAN to Gigabit Ethernet. While this approach may offer some of the performance benefits inherent in a SAN, it lacks other major SAN benefits that are available in a SAN topology. Incorporating a faster LAN does not change the traditional LAN architecture (the storage is still distributed and there are still a bunch of network stacks to traverse), so this approach does not provide the high-speed, direct-access path from all servers to all storage resources necessary for clustering. Since the storage is distributed, you cannot take advantage of the benefits of centralized management. Although it does enable high-speed bulk data transfers, it does not offload the LAN like a SAN does. Also, very few storage resources can just be plugged into Gigabit Ethernet and be shared. A SAN supports a much wider variety of storage resources.

 Q Are there any risks to using dynamic routes?

 A Machines using a dynamic route-receiving daemon like routed or gated are vulnerable to receiving incorrect routes. These routes can disable some or all connectivity to other networks. When possible, use static routes (routes added via the route commands in startup files), rather than the routing daemons. Usually, defining a default route to your router is all you need.

 Q What system services can I disable?

 A Each network service on the system should be inspected to determine whether the service it provides is appropriate for your environment. If not, disable the service. Some of these facilities are in the system startup files (in the “rc” directories). Other are started by inetd and configured in /etc/inetd.conf. Comment out the unnecessary facilities and kill -HUP the inetd daemon. Some common services to stop are:

tftp         systat         rexd        ypupdated       netstat
rstatd       rusersd        sprayd      walld           exec
comsat       rquotad        name        uucp
For a very secure system, replace the standard inetd.conf with one that includes not much more than SSH.

 Q I keep hearing that having programs or scripts that have the suid bit set is bad. I'm not sure I understand why.

 A There are a couple of ways to damage a UNIX box with a suid program. The easiest thing a cracker can do is exploit a suid program that uses the system() by changing the IFS. (IFS is the Internal Field Separator that the shell uses to delimit arguments.)

For example, if the program contains a line that looks like this:

and you change IFS to /, the program will then submit the following to the shell:

bin date
The shell interprets this as “run a program called bin and pass it date as an argument”. All a cracker has to do is have a program in his path called “bin”. The suid program will run your program instead of /bin/date. Imagine if “bin” looked something like this:

rm -rf  /*.*

To change IFS, use this command:

IFS='/';export IFS      # Bourne Shell
setenv IFS '/'          # C Shell
export IFS='/'          # Korn Shell
There are other, more creative ways to crack a suid script, as well to damage a system.

 Q What is network sniffing?

 A Network sniffing is listening (with software) to the raw Ethernet device for packets that interest you. When your software sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting packet is one that contains words like “login” or “password”. These words are usually followed by a password in clear text (i.e., you can read it). telnet sends clear-text passwords across the network. This is why many security-conscious shops are implementing SSH to replace telnet/rlogin, ftp, X Window, etc. SSH does not send clear-text passwords across the network.

 Q How do I set up IP aliasing?

 A An IP alias is an extra IP address that may be in a completely different subnet and domain than a host's primary IP address. This is often desired by Web-service providers. A server can determine the IP address to which a particular request was sent and respond accordingly, so IP aliasing allows one system to have multiple, independent Web servers on a single machine. To configure it (on a Linux box), do the following:

1. Load the IP Alias module (you can skip this step if you compiled the module into the kernel):

     /sbin/insmod /lib/modules/‘uname -r‘/ipv4/ip_alias.o
2. Set up the loopback, eth0, and all the IP numbers beginning with the main IP number for the eth0 interface:

     /sbin/ifconfig lo
     /sbin/ifconfig eth0 up
     /sbin/ifconfig eth0
     /sbin/ifconfig eth0:0
     /sbin/ifconfig eth0:1 is the main IP number. .4 and .6 are the aliases.

3. Finally, set up the routes:

     /sbin/route add -net
     /sbin/route add -net dev eth0
     /sbin/route add -host dev eth0
     /sbin/route add -host dev eth0:0
     /sbin/route add -host dev eth0:1
     /sbin/route add default gw
You should now be able to ping each of the IP addresses! Add the commands from steps 2 and 3 in /etc/rc.d/rc.local to make these changes persistent.

 Q I am running Windows 98 on my desktop and want to configure Linux on this desktop. How I can configure both without destroying the current Windows 98 environment?

 A You can get BootMagic and set up a dual-boot system. You can also use LILO (it comes with Linux). You can also buy a kit that allows you to swap hard drives without opening the case each time. This way you can shut down, pull the Windows disk, pop in the Linux disk, and reboot. I like the “one disk per OS” approach for a couple of reasons. One reason is that it is less complex than a dual-boot system. Additionally, you have the ability to boot another system should one disk crash. You are also less likely to corrupt the idle operating system if it isn't even in the system when not in use.

About the Author

Jim McKinstry is a Senior Sales Engineer for MTI Technology Corporation ( MTI is a leading international provider of data storage management products and services. He can be reached at: