Mastering Linux: CGroups, NetCat, Systemcall, and Terminal Multiplexer.

Prithvi A Parit, Fasal Engineering
May 25, 2023

Basic information

The CPU executes instructions only once our code has been loaded into RAM, and it is the kernel that loads it there. By default the kernel hands a process as much RAM, CPU, network bandwidth and storage as it asks for. We will learn how to limit these resources.

A program that has been loaded into RAM is called a process.

Session

Each time we log in to our server, from the same account or a different one, a new session is created. We can use the loginctl command to list all the sessions.

Limiting the number of tasks/processes and RAM for each session.

CGroup: a control group is the Linux capability we use to set limits on resources.

CGroups can also be applied per user.

Scope: each session has a scope associated with it.

We can set constraints directly on users too, but for now we set them on the session.

#loginctl user-status ec2-user shows all the sessions of a user and the processes under each session.

We can also limit the total number of sessions a user may create by editing the file /etc/systemd/logind.conf

Unit file: the cgroup limits are read from the unit file every time, so to set limits we edit this file. We do that with the systemctl command.

systemctl edit session-18.scope is the command we use to edit the unit file. We run systemctl edit session-18.scope and write these 3 lines.

Proof: with the limit set to only 8 processes, launching a few extra processes fails.

Slice: if we have 7 tasks running and the limit is 8, then we say 7 slices. Slices provide a flexible way to manage and allocate system resources hierarchically, letting administrators prioritise and control the resources given to different types of processes, or groups of processes, on a Linux system.

Docker internally uses CGroups.

Difference between Slice and Scope

In summary, both scope and slice group and manage processes within the cgroup hierarchy, but a scope is primarily used for managing resources within a specific context (such as systemd units), while a slice is used for hierarchical resource allocation and management across the system.

user-1000.slice:

We edit this directly; it applies to every session of that user (UID 1000).

systemctl edit user-1000.slice --force is the command we run first, and then we write these 3 lines.

We can also edit it in other ways.

#systemctl daemon-reload
We must run this after running the above command.
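The three lines written into session-18.scope and user-1000.slice are not reproduced in the text above. The script below is an added example, not the article's own listing: it generates the drop-in file that systemctl edit opens for either unit, so the limits can be reviewed before daemon-reload applies them. The unit names and the 8-task limit are the article's; the 512M memory value, the scratch directory and the function names are constructed for the example. It assumes a cgroup v2 host and therefore uses MemoryMax=, the current name for the MemoryLimit= directive the article uses later with set-property.

```shell
#!/bin/sh
# Added example, not the article's own listing: build the drop-in file that
# "systemctl edit <unit>" opens in an editor, for a session scope or a user
# slice, so the limits can be reviewed (or committed) before daemon-reload.
# Assumptions: cgroup v2 directive names (TasksMax=, MemoryMax=); the unit
# names and the 8-task limit are the article's, the memory value is constructed.

# unit_section UNIT -> prints the [Section] name a drop-in for UNIT must use
unit_section() {
    case "$1" in
        *.scope)   echo "Scope" ;;
        *.slice)   echo "Slice" ;;
        *.service) echo "Service" ;;
        *) echo "unit_section: unsupported unit type: $1" >&2; return 1 ;;
    esac
}

# write_limit_dropin UNIT TASKS MEMORY [ROOT]
#   Creates ROOT/UNIT.d/override.conf (ROOT defaults to /etc/systemd/system,
#   the directory systemctl edit writes to) and prints the path written.
write_limit_dropin() {
    unit=$1; tasks=$2; memory=$3; root=${4:-/etc/systemd/system}
    section=$(unit_section "$unit") || return 1
    dir="$root/$unit.d"
    mkdir -p "$dir"
    file="$dir/override.conf"
    # MemoryMax= is the cgroup v2 name; the article's MemoryLimit= is the
    # cgroup v1 equivalent and is deprecated on v2 hosts.
    printf '[%s]\nTasksMax=%s\nMemoryMax=%s\n' "$section" "$tasks" "$memory" > "$file"
    echo "$file"
}

# dropin_value FILE KEY -> prints the value set for KEY= in FILE (last one wins)
dropin_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Demonstration: the two units the article edits, written under a scratch
# root so the example runs without root privileges or a running systemd.
demo_root=${TMPDIR:-/tmp}/cgroup-limits-demo
scope_file=$(write_limit_dropin session-18.scope 8 512M "$demo_root")
slice_file=$(write_limit_dropin user-1000.slice 8 512M "$demo_root")
cat "$scope_file" "$slice_file"
# Once the files are placed under /etc/systemd/system, the article's step applies:
#   systemctl daemon-reload
```

A TasksMax=8 on the scope is exactly the condition the article demonstrates: the ninth process in the session fails to start. Keeping the drop-in as a file rather than typing it into the editor makes the limit reviewable and repeatable across hosts.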

Some important commands

#journalctl -u session-18.scope
Every journal record logged for this session scope.

#loginctl session-status
Complete information about the present session.

#systemctl show user-1000.slice -p MemoryCurrent
Shows the memory currently used by the present user.

#systemctl set-property user-1000.slice MemoryLimit=10G
Edits user-1000.slice directly.

#systemctl daemon-reload
We must run this after running the above command.

#last
Which users logged in.

#lastb
Failed login attempts, which is where people trying to attack show up.

tlog

This command records whatever we do in the CLI so that we can replay it later.

#tlog-rec --file-path=mylog
#tlog-play --file-path=mylog
#exit

ps -aux

Command to see all processes.

top

Command to track processes live.

Terminal Multiplexer (tmux)

We use this to have multiple windows inside one terminal.

We can use:

  • ctrl+b and the arrow keys to switch between divisions.
  • ctrl+b and " for a new division.
  • ctrl+b and d to detach.

Systemcall/syscall

Every request a program makes of the kernel goes in as a system call (syscall). Whatever happens inside the kernel is said to happen in kernel space (system space).

Context switching: the kernel does its work through syscalls, and each one switches from user space into the kernel. strace is the command to observe this.

#strace -c cat /etc/passwd
We run this to see a count of all the syscalls (context switches) made while cat runs.

Auditing: we can audit syscalls and use the results to optimise things.

/var/log/audit is the folder that holds the audit logs of syscalls.

We use the auditctl command to watch /etc/passwd, and ausearch to fetch all the syscall logs for it:

# auditctl -w /etc/passwd -p rwa -k mynewkey
# ausearch -k mynewkey
# tail -f /var/log/audit/audit.log

# auditctl -a always,exit -F arch=b64 -S write -S bind -k mync

Whenever anyone makes a write or bind syscall, this rule captures it under the key mync. Detailed information: https://www.kernel.org/doc/html/v4.19/userspace-api/seccomp_filter.html

Netcat (nc)

This is used to send and receive messages to and from other servers by exposing a port number.

The left-hand terminal is an EC2 instance that we turn into the server. The right-hand terminal is the base OS, from which we connect to the server. After connecting, we can send and receive messages.

#nc --exec /bin/bash --keep-open -l 1234

This is a very dangerous command: any client that connects can run commands on the server and see their output.
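The audit rules above (-w /etc/passwd -k mynewkey and -S write -S bind -k mync) write their records to /var/log/audit/audit.log, and the bind rule is exactly what surfaces a listener such as the nc --exec command just shown, because nc must call bind() before it can accept a client. The following script is an added example, not the article's tooling: an ausearch-style filter in POSIX sh and awk that pulls the SYSCALL records for a given key out of audit records and prints who made each call, plus a per-key, per-command count for triage. The audit records embedded in it are constructed to look like what those two rules would produce; the pids, uids, inode and timestamps are made up, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the article: an ausearch-style filter over audit.log
# records. The records below are CONSTRUCTED to resemble what the article's two
# rules (-w /etc/passwd -k mynewkey; -S write -S bind -k mync) would log; the
# pids, uids, inode and timestamps are invented.
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1685000000.101:301): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1a2b3c4d a2=0 a3=0 items=1 ppid=2001 pid=2002 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=18 comm="cat" exe="/usr/bin/cat" key="mynewkey"
type=CWD msg=audit(1685000000.101:301): cwd="/home/ec2-user"
type=PATH msg=audit(1685000000.101:301): item=0 name="/etc/passwd" inode=1234 dev=ca:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1685000000.205:302): arch=c000003e syscall=49 success=yes exit=0 a0=3 a1=7ffd1a2b3c60 a2=10 a3=0 items=0 ppid=2001 pid=2050 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=18 comm="nc" exe="/usr/bin/nc" key="mync"
type=SOCKADDR msg=audit(1685000000.205:302): saddr=020004D200000000
type=SYSCALL msg=audit(1685000000.310:303): arch=c000003e syscall=1 success=yes exit=12 a0=1 a1=55d0c0a0 a2=c a3=0 items=0 ppid=2001 pid=2060 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=18 comm="echo" exe="/usr/bin/echo" key="mync"
type=SYSCALL msg=audit(1685000000.412:304): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd1a2b3d00 a2=241 a3=1b6 items=1 ppid=3001 pid=3002 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts2 ses=19 comm="vim" exe="/usr/bin/vim" key="mynewkey"'

# audit_events_for_key KEY   (reads audit records on stdin)
#   Prints one line per SYSCALL record tagged with KEY:
#   <ts:serial> ses=<n> uid=<n> comm=<name> exe=<path> syscall=<name> success=<yes|no>
audit_events_for_key() {
    awk -v key="$1" '
        BEGIN {
            # x86_64 (arch=c000003e) numbers for the syscalls this example meets
            name[1] = "write"; name[49] = "bind"; name[257] = "openat"
        }
        /^type=SYSCALL / {
            for (k in f) delete f[k]
            # every field is k=v; values may be quoted, strip the quotes
            for (i = 1; i <= NF; i++) {
                if (split($i, kv, "=") >= 2) {
                    v = substr($i, length(kv[1]) + 2)
                    gsub(/"/, "", v)
                    f[kv[1]] = v
                }
            }
            if (f["key"] != key) next
            sc = (f["syscall"] in name) ? name[f["syscall"]] : f["syscall"]
            # msg=audit(ts:serial): -> keep ts:serial as the event id
            id = f["msg"]; sub(/^audit\(/, "", id); sub(/\):?$/, "", id)
            printf "%s ses=%s uid=%s comm=%s exe=%s syscall=%s success=%s\n",
                   id, f["ses"], f["uid"], f["comm"], f["exe"], sc, f["success"]
        }'
}

# audit_summary   (reads audit records on stdin)
#   Counts SYSCALL records per key and command: "<key> <comm> <count>"
audit_summary() {
    awk '/^type=SYSCALL / {
            k = ""; c = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^key=/)  { k = $i; sub(/^key=/, "", k);  gsub(/"/, "", k) }
                if ($i ~ /^comm=/) { c = $i; sub(/^comm=/, "", c); gsub(/"/, "", c) }
            }
            if (k != "") n[k " " c]++
        }
        END { for (kc in n) print kc, n[kc] }' | sort
}

# Demonstration on the constructed records: the bind by nc is the listener the
# article warns about, the openat records are the /etc/passwd watch firing.
printf '%s\n' "$SAMPLE_AUDIT_LOG" | audit_events_for_key mync
printf '%s\n' "$SAMPLE_AUDIT_LOG" | audit_events_for_key mynewkey
printf '%s\n' "$SAMPLE_AUDIT_LOG" | audit_summary
# On a real host the input is the file the article tails:
#   audit_events_for_key mync < /var/log/audit/audit.log
```

On the constructed input the mync filter shows nc calling bind from session 18 as uid 1000, and the mynewkey filter shows cat reading /etc/passwd successfully while vim's open attempt by uid 1001 was denied (success=no, exit=-13). The summary line "mync nc 1" is the signal a defender would alert on: a bind() from a tool that has no business listening on a server.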
