Tag: linux

Repair Linux Boot failures in Grub 2 rescue mode

As GRUB 2’s ability to fix boot problems is greatly improved over the original GRUB bootloader. This article provides the you with information on options available for repairing GRUB 2 boot issues and specific instructions on how to use the GRUB 2 terminal. The instructions are written for GRUB 2.

How it looks?

There are basically three messages or error or screen mode whatever you say, when grub fails to boot.

grub: This is the screen mode you see when grub has found everything ecept the configurationn file. This file probably will be grub.conf.

grub rescue: This is the mode when GRUB 2 is unable to find the grub folder or its contents are missing/corrupted. The GRUB 2 folder contains the menu, modules and stored environmental data.

GRUB: Just “GRUB” nothing else indicates GRUB 2 failed to find even the most basic information needed to boot the system.

This is are the basic errors that we se on the boot. Althought there are few more errors that can be seen on the screen like frozen splash screen, Busybox or Initramfs: GRUB 2 began….
But each of the GRUB 2 failure modes can be corrected either from GRUB 2 terminal or the Live boot CD or DVD of the distro , there are also 3rd party rescue tools available out there.

Basic Commands available.

This are the commands that can be used when when you enter the GRUB 2 terminl mode by pressing “c”.

boot (Initiate the boot, also F10 or CTRL-x)

cat (view the contents of config or txt files; cat (hd0,1)/boot/grub/grub.cfg)

configfile (Load a GRUB 2 configuration file such as grub.cfg; configfile (hd0,5)/boot/grub/grub.cfg.)

initrd (Loads the initrd.img, necessary for booting; initrd (hd0,5)/initrd.img.)

insmod (Loads a module; insmod (hd0,5)/boot/grub/normal.mod, or insmod normal.)

linux (Loads the kernel; insmod /vmlinuz root=(hd0,5) ro.)

loop (Mount a file as a device; loopback loop (hd0,2)/iso/my.iso.)

ls (lists the contents of a partition/folder; ls, ls /boot/grub, ls (hd0,5)/, ls (hd0,5)/boot.)

lsmod (List loaded modules.)

normal (Activate the normal module, if loaded.)

search (Search for a device. Type help search for the available options.)

set (Review current settings, or set XXX to set a variable such as colors, prefix, root.)

vbeinfo (Display GRUB 2 available resolutions.)

The Rescue Shell.

If you get a rescue shell, this usually means that GRUB failed to load the “normal” module for some reason. It may be possible to work around this temporarily: for instance, if the reason for the failure is that “prefix” is wrong (perhaps it refers to the wrong device, or perhaps the path to “/boot/grub” was not correctly made relative to the device), then you can correct this and enter normal mode manually: Inspect the current prefix (and other preset variables):

set

You will probably have an output more or less like this:

Your output may differ but you get the information required. Find out which devices are available:

ls

Set to the correct value, which might be something like this:

set prefix=(hd0,1)/grub

(this has to be done according to your own drive name)

set root=(hd0,1)

(this has to be performed according to your own drive name.)

insmod normal
normal

The above commands will get you out of the rescue mode to the normal terminal mode. In the terminal mode you have more commands and with increased functionality.
After the above commands you can go ahead and start the rest of the settings.

insmod linux
* linux /vmlinuz root=/dev/sdXY ro

(if this doesn’t work try this)

linux /boot/vmlinuz-3.2.0-14-generic root=/dev/sda1 ro

(optional)

initrd /initrd.img

(Selects the initrd image.)

boot

After Booting in to the system.

Update the grub config file.

sudo update-grub

Reinstallation of grub on the device:

sudo grub-install /dev/sdX

This should the thing for the rescue part and your system should be good and running. If not you can save all your trouble by using Boot Repair. This is the tool used to repair your complete boot menu. It can be downloaded directly and used as a Live Boot CD or DVD. Here is the download link.

 

How to create a jailed ssh user with Jailkit on Debian Wheezy

How to create a jailed ssh user with Jailkit on Debian Wheezy

 

This document describes how to install and configure Jailkit in Debian Wheezy Server.  Jailkit is a set of utilities to limit user accounts to specific files using chroot() and or specific commands. Setting up a chroot shell, a shell limited to some specific command, or a daemon inside a chroot jail is a lot easier and can be automated using these utilities.

Jailkit is known to be used in network security appliances from several leading IT security firms, internet servers from several large enterprise organizations, internet servers from internet service providers, as well as many smaller companies and private users that need to secure cvs, sftp, shell or daemon processes.

1 Preliminary Note

This tutorial is based on Debian 7.6 server, so you should set up a basic Debian 7.6 server installation before you continue with this tutorial. The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.

2 Install Jailkit

We will first download and install the Jailkit. At present time of writing this guide the latest available version of Jailkit is 2.17. I will download it and install it as follows:

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17

Jailkit requires some packages before its installation, we will install them as follows:

apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold python

Now our system is ready to install the Jailkit, install it as follows:

./debian/rules binary
cd ..
dpkg -i jailkit_2.17-1_amd64.deb

It will install the Jailkit in Debian Server, we can remove the extra packages from /tmp:

rm -rf /tmp/jailkit*

3 Jailing a user

Now we will create  a user which will be jailed using Jailkit as:

adduser srijan

root@server1:~#adduser srijan
Adding user `srijan’ …
Adding new group `srijan’ (1001) …
Adding new user `srijan’ (1001) with group `srijan’ …
Creating home directory `/home/srijan’ …
Copying files from `/etc/skel’ …
Enter new UNIX password: –password
Retype new UNIX password:–password
passwd: password updated successfully
Changing the user information for srijan
Enter the new value, or press ENTER for the default
Full Name []: –ENTER
Room Number []:–ENTER
Work Phone []:–ENTER
Home Phone []:–ENTER
Other []:–ENTER
Is the information correct? [Y/n] –Y
root@server1:~#

In my case I am creating the user srijan, you can use any name.

Next we will check the information about user srijan in /etc/passwd as:

egrep srijan /etc/passwd

root@server1:/tmp# egrep srijan /etc/passwd
srijan:x:1001:1001:,,,:/home/srijan:/bin/bash
root@server1:/tmp#

Next we will jail the created user. Create a directory /jail for Jail environment:

mkdir /jail

Now we will provide the Jail with some of the default programs environment as:

jk_init -v /opt/jail netutils basicshell jk_lsh openvpn ssh sftp

We can give other values also, the complete list of the Jail environment can be checked in the file

nano /etc/jailkit/jk_init.ini

Now Jail is ready, just add the user inside the environment:

jk_jailuser -m -j /jail/ srijan

Again check the values in /etc/passwd for user srijan:

egrep srijan /etc/passwd

root@server1:/tmp# egrep srijan /etc/passwd
srijan:x:1001:1001:,,,:/jail/./home/srijan:/usr/sbin/jk_chrootsh
root@server1:/tmp#

Now our user have been added in the Jailed environment. I will connect the Debian server with bash terminal with its IP 192.168.0.100:

ssh srijan@192.168.0.100

root@server1:~$ ssh srijan@192.168.0.100
The authenticity of host ‘192.168.0.100 (192.168.0.100)’ can’t be established.
ECDSA key fingerprint is 3d:ca:91:67:96:39:15:b4:0f:6e:c8:2c:92:ef:25:d7.
Are you sure you want to continue connecting (yes/no)? yes
srijan@192.168.0.100’s password:
Linux server1 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Connection to 192.168.0.100 closed.
root@server1:~$

Connection is getting closed as the user don’t have logging shell, lets add it in the configuration file for Jail:

nano /jail/etc/passwd

root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
#srijan:x:1001:1001:,,,:/home/srijan:/usr/sbin/jk_lsh
srijan:x:1001:1001:,,,:/home/srijan:/bin/bash

It will add the bash prompt for the jailed user srijan.  Now again try the ssh login with srijan user and you will be able to login:

ssh srijan@192.168.0.100

Now check the root directory content, you will notice that it have contents like this:

ls /

srijan@server1:~$ ls /
bin  dev  etc  home  lib  lib64  usr
srijan@server1:~$

4 Running services and commands in Jailed environment

Jail can be used to run services in Jailed environment. Suppose we want to run any service in Jailed environment then we will use jk_chrootlaunch command for that:

jk_chrootlaunch -j /jail -u srijan -x ‘service apache2 start’

Here I am starting the service of Apache, similarly you can run any service or daemon with it in Jailed environment.

Suppose we want to run a particular command in Jail environment then we will use jk_cp. Lets test it in Jailed environment when we will run cal then it shows as follows:

cal

srijan@server1:~$ cal
bash: cal: command not found
srijan@server1:~$

It means Jail environment don’t knows the cal command, now I will add it in Debian Server as follows:

jk_cp  -v -j /jail/ /usr/bin/cal

root@server1:~# jk_cp  -v -j /jail/ /usr/bin/cal
Creating symlink /jail/usr/bin/cal to ncal
Copying /usr/bin/ncal to /jail/usr/bin/ncal
Creating symlink /jail/lib/x86_64-linux-gnu/libncurses.so.5 to libncurses.so.5.9
Copying /lib/x86_64-linux-gnu/libncurses.so.5.9 to /jail/lib/x86_64-linux-gnu/libncurses.so.5.9
/jail/lib/x86_64-linux-gnu/libtinfo.so.5 already exists, will not touch it
/jail/lib/x86_64-linux-gnu/libc.so.6 already exists, will not touch it
/jail/lib/x86_64-linux-gnu/libdl.so.2 already exists, will not touch it
/jail/lib64/ld-linux-x86-64.so.2 already exists, will not touch it
/jail/lib/x86_64-linux-gnu/libtinfo.so.5 already exists, will not touch it
/jail/lib/x86_64-linux-gnu/libc.so.6 already exists, will not touch it
/jail/lib/x86_64-linux-gnu/libdl.so.2 already exists, will not touch it
/jail/lib64/ld-linux-x86-64.so.2 already exists, will not touch it
root@server1:~#

Again run the cal command in Jailed environment:

cal

srijan@server1:~$ cal
September 2014
Su Mo Tu We Th Fr Sa
1  2  3  4  5  6
7  8  9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

srijan@server1:~$

So we have added the command for the Jailed environment. Congratulations! Now we have successfully configured Jail environment in Debian Wheezy 🙂

5 Links

How to limit CPU usage with CPULimit on Ubuntu Linux

How to limit CPU usage with CPULimit on Ubuntu Linux

 

This document describes how to limit CPU usage in Ubuntu 14.04. I will use CPU-limit utilty for this purpose. Cpulimit is a tool which limits the CPU usage of a process (expressed in percentage, not in CPU time). It is useful to control batch jobs, when you don’t want them to eat too many CPU cycles. The goal of cpulimit is to prevent a process from running for more than a specified time ratio. It does not change the nice value or other scheduling priority settings, but the real CPU usage. Also, it is able to adapt itself to the overall system load, dynamically and quickly.
The control of the used CPU amount is done sending SIGSTOP and SIGCONT POSIX signals to processes.
All the children processes and threads of the specified process will share the same percentage of CPU.

1 Preliminary Note

This tutorial is based on Ubuntu 14.04 server, so you should set up a basic Ubuntu 14.04 server installation before you continue with this tutorial. The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.

2 Installation

Firstly we need to install cpulimit as follows:

apt-get update
apt-get install cpulimit

3 Limiting CPU usage

Now we will check the utility for limiting the CPU usage. For this we will first check the CPU usage without cpulimit and then implement the cpulimit to evaluate the same. Lets make it clear with the example.

  1. Here is an example of how to utilize your CPU with an application in single core CPU:

dd if=/dev/zero of=/dev/null

root@server1:~# dd if=/dev/zero of=/dev/null
[1] 1850
root@server1:~#

Then we will check the CPU usage with command:

top

top – 11:24:18 up 49 min,  1 user,  load average: 0.94, 1.02, 1.79
Tasks: 249 total,   2 running, 247 sleeping,   0 stopped,   0 zombie
%Cpu(s): 13.4 us, 11.6 sy,  0.0 ni, 74.9 id,  0.0 wa,  0.1 hi,  0.0 si,  0.0 st
KiB Mem:   1010540 total,   271652 used,   738888 free,    21760 buffers
KiB Swap:  1048572 total,        0 used,  1048572 free.   158204 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
1850 root      20   0    7224    616    520 R 100.0  0.1   1:20.33 dd
1851 root      20   0   24952   1756   1180 R   0.3  0.2   0:00.03 top
1 root      20   0   33480   2776   1456 S   0.0  0.3   0:05.31 init
2 root      20   0       0      0      0 S   0.0  0.0   0:00.01 kthreadd

As we can see that CPU usage have gone 100%, now we will use the cpulimit to limit the CPU usage. We can bring up this process to foreground using fg and cancel it with CTRL+C

fg

root@server1:~# fg
dd if=/dev/zero of=/dev/null
^C222182151+0 records in
222182150+0 records out
113757260800 bytes (114 GB) copied, 259.084 s, 439 MB/s

root@server1:~#

Now we can test cpulimit to see if it actually does what it is supposed to. Let test it as follows:

cpulimit -l 30 dd if=/dev/zero of=/dev/null

root@server1:~# cpulimit -l 30 dd if=/dev/zero of=/dev/null
[1] 1852
root@server1:~# Process 1853 detected[1]+  Done                    cpulimit -l 30 dd if=/dev/zero of=/dev/null
root@server1:~#

Now we will check the CPU usage with top command:

top

top – 11:30:54 up 55 min,  1 user,  load average: 0.20, 0.58, 1.34
Tasks: 250 total,   2 running, 247 sleeping,   1 stopped,   0 zombie
%Cpu(s):  4.5 us,  4.1 sy,  0.0 ni, 91.4 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   1010540 total,   271944 used,   738596 free,    21816 buffers
KiB Swap:  1048572 total,        0 used,  1048572 free.   158212 cached Mem  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
1853 root      20   0    7224    612    520 T  33.8  0.1   0:35.53 dd
1 root      20   0   33480   2776   1456 S   0.0  0.3   0:05.37 init
2 root      20   0       0      0      0 S   0.0  0.0   0:00.01 kthreadd
3 root      20   0       0      0      0 S   0.0  0.0   0:00.02 ksoftirqd/0
4 root      20   0       0      0      0 S   0.0  0.0   0:00.00 kworker/0:0

Now you can see  that the CPU usage have decreased from 100% to 33.8% almost 30%. So we have successfully checked the utility cpulimit which is able to limit the usage of CPU consumption in a single core Ubuntu distro.

  1. Here is an example of how to utilize your CPU with an application in multiple core CPU:

For checking your CPU core use the command:

nproc

 In my case it is CPU core count was 4.
Now we will proceed to check the CPU usage without cpulimit in all 4 cores for the an application as follows:

for j in `seq 1 4`; do dd if=/dev/zero of=/dev/null done

It will run the command utilizing all the cores and yeild the output as:

root@server1:~# for j in `seq 1 4`; do dd if=/dev/zero of=/dev/null done
[1] 1263
[2] 1264
[3] 1265
[4] 1266
root@server1:~#

Now check the CPU usage with top command:

top

top – 11:47:45 up 4 min,  1 user,  load average: 3.63, 1.53, 0.57
Tasks: 290 total,   5 running, 285 sleeping,   0 stopped,   0 zombie
%Cpu0  : 48.3 us, 51.3 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.3 hi,  0.0 si,  0.0 st
%Cpu1  : 47.8 us, 52.2 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu2  : 53.3 us, 46.4 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.3 hi,  0.0 si,  0.0 st
%Cpu3  : 52.0 us, 48.0 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   1010540 total,   209712 used,   800828 free,    20276 buffers
KiB Swap:  1048572 total,        0 used,  1048572 free.    93632 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
1263 root      20   0    7224    612    520 R 100.0  0.1   2:21.40 dd
1264 root      20   0    7224    616    520 R 100.0  0.1   2:21.41 dd
1265 root      20   0    7224    612    520 R  99.0  0.1   2:21.03 dd
1266 root      20   0    7224    616    520 R  98.0  0.1   2:20.82 dd
1281 root      20   0  104416   3992   2920 S   1.0  0.4   0:00.03 sshd
1283 root      20   0  104416   3988   2920 S   1.0  0.4   0:00.03 sshd
1279 root      20   0  104556   4008   2924 S   0.7  0.4   0:00.08 sshd

The dd command is consuming almost 100% CPU of all the cores.  Next we will check the command with the cpulimit utility. For this kill previous traces for the dd command as follows:

killall dd

root@server1:~# killall dd
[1]   Terminated              dd if=/dev/zero of=/dev/null
[3]-  Terminated              dd if=/dev/zero of=/dev/null
[2]-  Terminated              dd if=/dev/zero of=/dev/null
[4]+  Terminated              dd if=/dev/zero of=/dev/null
root@server1:~#

Now use cpulimit with the same command as follows:

for j in `seq 1 4`; do cpulimit -l 20 dd if=/dev/zero of=/dev/null done

root@server1:~# for j in `seq 1 4`; do cpulimit -l 20 dd if=/dev/zero of=/dev/null done
[1] 1429
[2] 1430
[3] 1431
[4] 1432
root@server1:~# Process 1434 detected
Process 1433 detected
Process 1437 detected
Process 1439 detected

[1]   Done                    cpulimit -l 20 dd if=/dev/zero of=/dev/null
[2]   Done                    cpulimit -l 20 dd if=/dev/zero of=/dev/null
[3]-  Done                    cpulimit -l 20 dd if=/dev/zero of=/dev/null
[4]+  Done                    cpulimit -l 20 dd if=/dev/zero of=/dev/null
root@server1:~#

Now check the CPU usage wit the cpulimit utility.

top

top – 11:59:10 up 16 min,  2 users,  load average: 0.47, 0.71, 0.81
Tasks: 256 total,   2 running, 251 sleeping,   3 stopped,   0 zombie
%Cpu0  :  2.0 us,  2.0 sy,  0.0 ni, 96.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu1  : 26.2 us, 22.8 sy,  0.0 ni, 50.7 id,  0.0 wa,  0.3 hi,  0.0 si,  0.0 st
%Cpu2  : 14.0 us, 12.3 sy,  0.0 ni, 73.8 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu3  : 13.3 us, 11.6 sy,  0.0 ni, 75.1 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   1010540 total,   204064 used,   806476 free,    20408 buffers
KiB Swap:  1048572 total,        0 used,  1048572 free.    98340 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
1433 root      20   0    7224    612    520 T  28.2  0.1   0:12.00 dd
1439 root      20   0    7224    616    520 R  26.6  0.1   0:12.13 dd
1434 root      20   0    7224    612    520 T  25.3  0.1   0:11.97 dd
1437 root      20   0    7224    612    516 T  22.9  0.1   0:11.93 dd
7 root      20   0       0      0      0 S   0.3  0.0   0:00.22 rcu_sched
8 root      20   0       0      0      0 S   0.3  0.0   0:00.21 rcuos/0

As you can see above that the CPU usage is limited from 100%  to 20% almost for multiple core CPUs.

Congratulations! We have successfully tested the cpulimit for limiting the CPU usage in Ubuntu 14.04 🙂

4 Links