Tag Archives: Auto Draft

Hardware Stress Testing with Linux

Linux is a flexible and universal operating system because of many positive properties. One of its less well-known applications, however, is as a hardware diagnostics tool.

For functional and performance tests, many people still tend to rely on expensive special solutions running on other operating systems, but the small StressLinux Live distribution lets you test your system’s capabilities without the complex handling and high costs of other tools.

Based on openSUSE 11.4 and BusyBox, StressLinux is available as a 200MB, or 225MB ISO image for 64-bit and 32-bit architectures. Alternative versions are available for use with USB storage media or in a virtual machine. You can find easily understandable documentation for creating a bootable medium at the project website.


After launching, StressLinux initially comes up with an anachronistic text screen and rudimentary line graphics on a black background. Once the operating system is ready, you need to log in: The username and password are both stress . The routine then branches to the YaST2 configuration tool in text mode, which first customizes the keyboard, if needed, in the familiar blue window. The software prompts you to enter the motherboard. If you are not sure what board you have installed, or you use a laptop with a motherboard designed specifically for mobile use, simply press the OK button to enable the first list entry, Run_sensors-detect . Your hardware is then checked in several individual steps for the availability of various sensors. On completion, the system shows possible test and benchmark commands in a table, displays a prompt, and waits for your input (Figure 1).


Figure 1: StressLinux offers a wide range of stress tests.

The top of the table displays an impressive number of test routines that are customized for specific hardware. These routines are sorted by manufacturers Intel and AMD. Below are programs that cover a wider range of tests, as well as tests that check network speed and mass memory. If you don’t know what hardware is installed in your system in detail, you can list the most important components by running the lshw command. The output from lshw is extensive, but you can page the output on screen with:

lshw | more

so you can view the details at your leisure. To determine the exact processor type, enter x86infoat the prompt; this gives you the most important technical data for your CPU (Figure 2).


Figure 2: Short and to the point: CPU specs.

CPU and Chipset Testing

The first six programs in the list are available in some software repositories as part of the cpuburnsuite. These programs test processors and chipsets from Intel and AMD – including the legacy K6 and K7 series, as well as modern compatible systems – at the highest possible load, allowing you to determine the extent to which a processor is suitable for overclocking and helping you home in on hardware problems. For example, a system under full load that switches off after a few minutes could indicate defective or insufficient CPU cooling.

You can start the test program in each case by running the console command specified in the list; this does not require administrative privileges. Because the programs do not usually output anything on screen, you should run your hardware tests in the background, so you can work at the console while the application is running. To test your state-of-the-art Intel CPU extensively, type in the command sequence

burnP6 || echo $? &

at the console. The CPU is fully loaded, so if you now run the top command on the console to display percent system utilization by various processes, burnP6 will always appear at the top of the list with a permanent CPU load of well over 95%.

StressLinux monitors the thermal performance of your system under load almost in real time, showing the relevant information with F10 through F12 key combinations.

The keyboard shortcut Ctrl+Alt+F12 takes you to the current temperature display for all sensors found on the system and displays fan speeds. Nearby is the CPU temperature display, which also indicates the maximum permissible operating temperature. If the display shows a sharp sensor temperature rise after a short time, and a higher fan speed does not have any influence on the heat development recorded by the sensors, it is best to check the cooling system. This is especially true for CPU cooling, in that thermal paste that dries over time directly on the processor can act as an insulator, ultimately resulting in damage to the system.

The keyboard shortcut Ctrl+Alt+F11 displays the current storage device temperatures. Under full load, and even after prolonged exposure to the stress test, the hard disk operating temperature should not rise above 50C; otherwise, you could experience data loss and damage.

Pressing Ctrl+Alt+F10 takes you to a graphically enhanced display of your network throughput; only the eth0 interface is monitored. This display remains inactive for CPU and chipset tests.

System Test

Typing the stress command launches a more comprehensive system test; in addition to the CPU, it checks the memory interface, memory, and, if necessary, storage devices. Because this test suite has an impressive number of parameters with which the individual routines can be adjusted, you should first run stress –help to get an overview of the possible options. To automate tests without overloading the system with too long a run time, you can set a time limit for the stress test run.


As hard disks grow older, they often become the weak component of a system; loss of data from a technical defect can have fatal consequences. StressLinux checks the health of your hard disks with two tools, bonnie++ and smartctl . Whereas Bonnie++ is a tool for benchmarking storage media, Smartctl supports test runs and shows the current technical condition of the hard drive. To start this useful tool, you must be the StressLinux root user or equivalent. The su – command gives you root privileges after entering the root password, stresslinux .

If you run the

smartctl -a <drivename> | more

command and see some data in the error log, you should back up at least your most important files. If you want to perform some additional test runs, typing smartctl –help will list the extensive set of parameters along with a few examples (Figure 3).


Figure 3: Smartctl can squeeze out all the details about your storage devices.


To measure the throughput of your network interface, StressLinux provides the netio program, which measures data transfer between two computers, with one computer acting as the server.

After launching StressLinux on both machines in Live mode, you can launch the program on the server with the command

netio -s

and on the client by entering:

netio <server IP address>

StressLinux shows you the data throughput in list form with different packet sizes. Alternatively, you can display a bar graph of the transfer speed with Ctrl+Alt+F10.


StressLinux is a useful tool that can thoroughly put your hardware through its paces. The software does not dazzle with elaborate graphical gimmicks but does expect the user to have some knowledge of the command line.

As a Live “mini-distribution,” StressLinux will help you locate possible sources of errors and bottlenecks quickly and reliably, without the need for a time-consuming installation on the hard drive. In particular, StressLinux proves to be an excellent tool if you want to troubleshoot problems with the processor or cooling system. Of course, you need to keep an eye on the thermal performance of your system under load to prevent damage from overheating in the event of insufficient cooling capacity.

For serious PC users and IT engineers, StressLinux is an indispensable tool for diagnosing hardware problems and therefore belongs in every well-stocked toolbox.

Linux Remote Administration on Android and iOS

Smartphones and tablets have lost their gadget status and become part of the system administrator’s tool kit. We look at the most important apps for admins.

In the pre-smartphone era, which was not so long ago, it was hard to imagine a practical use for a mobile device in system administration – if you discount laptops with graphical and web interfaces or terminal software designed for high latency.

All that has changed: With ubiquitous broadband and mobile data connections and with hotspots and WLANs widespread in the enterprise, admins are increasingly able to leave their desks and get out of the server room. Smartphones and tablets with sufficiently large screen sizes are mutating into multifunctional tools that can do most of the important tasks while on the road or in an emergency.

Device Zoo

Android devices are not characterized by any kind of version homogeneity, so we decided to test the programs on various devices: a Nexus 4 with the latest Android 4.3, a Nook HD+ with a slightly older version of Android 4, an ancient Motorola Defy with Cyanogen Mod 7 Android 2.3.7, a Sony Experia with Android 2.3 and many backports by the manufacturer, and an HTC Desire Z with Android AOSP 4.2.2. None of the tested programs had compatibility issues on any of the devices.

On the Apple front, we had access to an iPhone with iOS 6 and a first-generation iPad with iOS 5 – again, with no compatibility issues (Figures 1 and 2).


Figure 1: It doesn’t always have to be the laptop. Smartphones and tablets of various sizes, price ranges and flavors support mobile administration.


Figure 2: Even elderly devices like the HTC Desire Z, which is several years old, can be used for quick admin work on the go. A current, reasonably secure Android with VPN is a must-have in this case.

Stores and VPN

If you rummage through the Google Play Store or Apple’s App Store, you are likely to find a large number of mostly free apps that help sys admins manage the systems they support in a reasonably convenient way while using a fairly small mobile device. Additionally, a variety of tools sprinkled throughout the web make life easier for IT professionals.

Most systems are not exposed to the Internet without protection but are, instead, well hidden behind a firewall, so access can only be made via a VPN connection in most cases. Setting up this connection is described for Android and iOS elsewhere.

Lord of the Console

If you frequently manage Unix and Linux servers, your primary tool is going to be an SSH client. On Android devices, ConnectBot by Kenny Root and Jeffrey Sharkey is probably the best choice at this time (Figure 3).


Figure 3: SSH with ConnectBot (from the developers’ website).

It supports logins using SSH key pairs and can also tunnel ports, which proves especially useful if you want SSH access to replace a full-fledged VPN.

ConnectBot establishes several simultaneous sessions and enables copy and paste to other applications – for example, to inform colleagues of the current system status by mail or to use a cheat sheet with frequently used commands. Even those who use a password manager likeKeePassDroid on the road will soon appreciate this function. A nice detail is that ConnectBot can issue commands automatically for the user after login. This post-login automation then takes care of standard tasks such as checking active logins or resources.

X for Android

Executing commands on startup is also useful for exporting a display, so you can start graphical applications in combination with the X Server for Android. Unfortunately, android-xserver does not support the necessary extensions to launch Firefox, for example. Nevertheless, it continues to offer the most comprehensive X server implementation on Android.

Hacker’s Keyboard

If you are familiar with the advantages of keyboard-based controls in a shell, you will definitely appreciate some advanced features for touchscreens, including the often missing Tab key for auto-completion. Only a few Android devices have this practical detail preinstalled (Figure 2), andHacker’s Keyboard (Figure 4) makes the Unix shell with ConnectBot far more pleasant to use by retrofitting Tab, Ctrl, Esc, and arrow keys.


Figure 4: ConnectBot and Hacker’s Keyboard in action together. Friends of the command line will feel more at home with this than with the standard layout.

During installation, note that new Android keyboards are not automatically active for safety reasons; instead, the user needs to activate them in the system settings. Although this seems unnecessarily complicated at first, it actually makes perfect sense: Unintentionally installed keyboards could act as keyloggers and sniff passwords, among other things.

Apple Console

On the iOS front, iSSH (Figure 5) provides a powerful SSH client.


Figure 5: iSSH for iOS devices provides an integrated X server (showing Xclock here) and can also start Firefox in addition to X11 applications.

Apart from the features described for ConnectBot, it even supports Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) out of the box, and it comes with its own X server.

You can launch Firefox without any problems, although you do have to make some compromises compared with the mobile version, which is optimized for tablets and smartphones. It’s still better to use a slow Firefox tunneled over SSH than to expose intranet resources.

Thanks to its own X server, iSSH is much more convenient to use than teaming up ConnectBot and an X server because much less configuration effort is necessary.

Remote Windows

If command-line access is not enough, and you also need access to Windows systems, individual apps for terminal server protocols such as RDP and VNC offer a wide selection. This desire for more convenience leads to an app with the cumbersome name PocketCloud Remote RDP/VNCby Wyse Technology, which allows RDP and VNC access to Windows, Linux, and Mac systems and is available for both Android and iOS.

The app supports two ways of logging in. The first asks for the IP address or hostname of the target system, the destination port, and any other necessary login information. The second method, automatic mode, requires PocketCloud Companion to be installed on the target system and a Gmail account. This alternative is especially interesting for private systems regularly monitored beyond the corporate network.

The major restriction with the free version is that it only lets you store one connection. Before creating a new connection, the user must delete the existing one. If this is not enough for you, you can purchase the commercial version for about US$ 15; the Pro version has no such limitations and even includes 256-bit NLA/TLS encryption for RDP connections and support for VMware View.

If you often need to open several different RDP sessions, you can use 2X Client RDP/Remote Desktop. It works even with the ancient Android version 1.6 and allows you to create multiple connections. For VNC access only, Mocha VNC Lite provides an alternative for Android and iOS. Unfortunately, it also allows only one server.


Admins who depend on managing their remote systems on Free NX or the proprietary NX by NoMachine are left out in the cold. Currently, not a single client runs on Android or iOS, although a how-to for geeks describes how to run NX in a chroot environment with Ubuntu on Android; however, the benefits of this solution in the daily grind would appear to be minimal.

NoMachine is apparently working on a client for Android and iOS, but it was not available before we went to print, although it is scheduled to debut December 2013, according to the notice on the download page. The website does not indicate whether versions older than V4 of the protocol are supported. The formerly Italian, now Luxembourg-based, manufacturers have taken some time with the recently released fourth edition of the program – many years in fact, much to the dismay of customers. Patience seems called for.

TeamViewer with Remote Touch

The popular proprietary, but free for personal use, desktop sharing software TeamViewer (Figure 6) is available for the most common desktop operating systems – Windows, Mac OS, and Linux – as well as in a client version for Android and iOS.


Figure 6: TeamViewer (managing a Mac OS session here) is available for a variety of client-server combinations.

TeamViewer can be used for online presentations or meetings, but is also suitable for remote maintenance tasks. A positive effect to notice here is the Quick Support version that requires no installation and is therefore particularly suitable for spontaneous and uncomplicated support of less technical users.

The users only need to download a program and run it. The software then displays a session ID and a password. If need be, users can pass both of these on to the mobile helper on the phone, which then connects to the system and solves the problem. The remote helper then takes over the helm and can even manage the system via gesture control and handle file transfers in both directions.


As elegant as a console or a graphical login session can be, a system administrator often just needs answers to the usual questions. How full are the file systems, how many users are logged on to the system, and how long has it actually been running?

If you have not organized your systems in a comprehensive monitoring system like Nagios, you might well appreciate a tool such as Cura-SysAdmin (Figure 7), which is only available for Android.


Figure 7: Cura-SysAdmin shows the most important monitoring data in an Android view.

Cura answers these and other questions and also includes a rather rudimentary terminal emulator, the Nmap port scanner, and a logfile viewer, providing pre-configured access to the main system logs in /var/log, which you can even store on the Android device.

An inelegant, optional feature of Cura prevents installation on Android devices that do not have a SIM card. Cura implements an option for remotely deleting the Cura database and for sending text/email messages with the current positional data in case of loss; thus, GSM connectivity is imperative.

Managing Files with ES File Explorer

Users looking for a file manager that is also suitable for use on a network will inevitably end up knocking at the door of ES File Explorer. Besides its functionality as an easy-to-use file manager with support for ZIP and RAR archives, it offers an integrated file viewer that can handle most formats, and a search function to help you find all files of a certain type on the device, for example.

In the world beyond your own, device-wide protocol support becomes very important. ES File Explorer supports access via FTP, SFTP, FTPS, WebDAV, and CIFS. If you store your data in the cloud, you can open a connection to Dropbox, SkyDrive, GDrive, and Amazon S3, among others. In heterogeneous environments, in particular, it would be delightful to have an implementation of the Network File System (NFS) and the Apple Filing Protocol (AFP), but that is rare on mobile devices.

iOS users who want to access network shares and cloud resources turn to tools such as the commercial FileExplorer, whose free version (FileExplorer Free) remains limited to one target.

Scanning and Sniffing Your Network

Once you have had enough mobile management and want to check out your own network, the versatile Fing (Figure 8) is good for starters.


Figure 8: (Left) Fing lists the services running on a scanned system and the associated access programs; (center) Fing shows information about the current WiFi network and determines the ISP; (right) the password manager KeePassDroid acts as a mobile wallet for passwords.

It works on both Android and iOS and scans all the devices registered on the network, revealing the hostname, IP and MAC addresses, and, if possible, the manufacturer of the network device. The concise list can help you quickly determine the IP address of a forgotten device or check to see whether a machine is online and then discover which DHCP address it was assigned by the server. The lists can be stored either on the device or in the manufacturer’s cloud, Fingbox, which is a commercial operation.

Tapping an entry starts a port scan on the corresponding target. If you find open services, you can run the appropriate apps for the service right away. The app suggests ConnectBot for SSH and AndFTP for SCP and SFTP. Also, direct access to CIFS connections via AndSMB is preconfigured, as is access to any web interfaces you discover.

Additionally, you can run a number of classic network tools (e.g., Telnet, Ping, and Traceroute) against a host. The ability to wake up a system using Wake-on-LAN (WoL) is also in place. If you want to wake a device that is not on your list, you can do so via the global settings menu. This is also where you can perform DNS lookups or run pings and traceroutes against any computer.

Fing is also useful as a security tool. For example, you can find out whether a router on the hotel WLAN uses client isolation (i.e., whether the individual devices can see each other) by running Fing. If you see other systems and services, you should transfer unencrypted data only after careful consideration.

Wifi Analyzer

Admins who are less interested in exploring the devices on their own networks and more interested in the wireless networks in the area should take a look at the classic Wifi Analyzer. The intuitive tool, which is suitable even for non-experts, scans all the wireless networks found in range and presents them in the channel overview as a colored graph (Figure 9), which can be helpful in analyzing reception problems or planning WLANs.


Figure 9: Wifi Analyzer shows all the wireless networks it can find and allows you to search for less frequently used channels.

A needle graph shows the signal strength of an access point in real time, ranging from green (strong) to yellow to gray (weak). If you enable sound, the app can be used like a Geiger counter, giving you acoustic feedback on the quality of reception.

Interference Analysis

Channel evaluation also lets you operate your own wireless network on a channel that is as interference-free as possible. This process rates the individual channels with asterisks and helps to determine the least frequented channel, which is definitely a challenge in densely populated areas.

The AP list, which is designed more for technically interested users or for advanced debugging, gives you the names of the individual networks, channels used, frequencies, encryption type, and signal strength – and even the details of multiple available access points that share the same ESSID.

Apple: No Sniffers

In the iOS camp, the choice of applications has deteriorated significantly since Apple systematically began to remove sniffers from the App Store in mid-2010. The reason? Sniffers rely on unauthorized “private frameworks for spying on access and wireless data” (i.e., they tap the wireless chips directly, instead of using the library calls required by Apple).

However, applications that have their own WiFi database are still allowed; except it is of little use for exploring the wireless networks in your neighborhood. The only solution here is a jailbreak and detour via the alternative Cydia app store, which offers a wider selection of sniffers.

Administrators must decide for themselves whether root access is an alternative; many security experts advise it, quoting the motto, “if it is possible, do it yourself, rather than leave it to a hacker.” Nevertheless, this question is a matter for heated debate among security consultants.

If you are less concerned with individual devices but instead want to see the big picture, you will typically already have a monitoring solution like Nagios or Icinga in place. Matching apps and web interfaces are available for both, thus helping admins keep track of all their critical systems on a small screen. The Nagios website even names a number of mobile interfaces.


Smartphones and tablets with Android and iOS have advanced in recent years to the extent that they can be useful alternatives for admins when it comes to taking a quick look at a supervised system. Despite serious security deficiencies, they have lost their dubious reputation as admin tools. A wide selection of apps for virtually any application turns these mobile devices into general purpose tools – even without root permissions on the devices (see the box “More Fun with Root Privileges”).



Figure 10: zAnti scanning local networks for vulnerabilities.

The mobile admin’s backpack is becoming significantly lighter now that the laptop and PC can stay at home. However, for long sessions, it doesn’t hurt to have a laptop at hand – or at least a proper Bluetooth keyboard. Everything else is touch.




[3]Android Forensics with Volatility and LiME

Original on : Linux Magazine

Limitarea utilizarii procesorului de catre un proces sub Linux


cpulimit este un mic program scris in C, care permite pentru a limitarea utilizarii procesorului prin un  proces Linux. Limita specificata este in procente astfel incat putem evita incarcarea maxima ca procesorului generata de script-uri, programe sau procese.

Am gasit destul de util folosirea cpulimit , pentru scripturile de crontab , de exemplu putand sa fac backup peste noapte si astfel pentru arhivarea unui fisier de 50GB folosind gzip nu va folosi toate resursele CPU si va ramane si celorlalte procese timp de CPU.

In cele mai multe distributii Linux , cpulimit este disponibil, astfel incat puteti sa folositi instala folosind comenziile:

sudo apt-get install cpulimit


sudo yum install cpulimit

In cazul in care nu este disponibil dumneavoastra , atunci puteti sa-l compilati foarte usor:

cd / usr / src /
 wget - nu-check-certificat de https:// github.com / opsengine / cpulimit / arhiva / master-O cpulimit.tar
 tar-xvf cpulimit.tar
 CD-opsengine cpulimit-9df7758
 ln-s cpulimit / usr / sbin / cpulimit

Din acest moment puteti rula cpulimit pentru a limita utilizare procesorului de catre un proces prin procentaj , exemplul de mai jos executa arhivarea cu gzip fara a trece de folosirea a 10% din CPU:

/usr/sbin/cpulimit --limit=10 /bin/gzip vzdump-openvz-102-2012_06_26-19_01_11.tar

Puteti verifica cat foloseste gzip in timp real prin comanda :

ps axu | grep [g] zip



Prima comanda contine “grep [g] zip”  pentru a evita afisarea obisnuita a ultimei linii:

root    896448  10.0  3.1 159524  3528 ?        S    13:12   0:00 /usr/sbin/cpulimit --limit=10 /bin/gzip vzdump-openvz-102-2012_06_26-19_01_11.tar
root       26490  0.0  0.0   6364   708 pts/0    S+   15:24   0:00 grep gzip

Utilizand cpulimit puteti limita un proces care ruleaza deja , exemplu de mai jos aloca o limita de 20% la procesul cu PID 2342 :
 /usr/sbin/cpulimit -p 2342 -l 20
Deasemenea este posibila specificarea executabilului in locul PID-ului:
 /usr/sbin/cpulimit -P /usr/sbin/nginx -l 30


Failover şi load balancing cu HAProxy


HAProxy este un proxy open source care poate fi folosit pentru a avea o mai mare disponibilitate  şi “load balancing” pentru tot felul de aplicaţii web. Acesta a fost conceput special pentru proiecte care necesită o disponibilitate mare , deci este foarte rapid şi previzibil, HAProxy se bazează pe un singur model de proces.

în acest post voi descrie configurarea  HAProxy: cererile utilizatorilor sunt trimise  în “load balancing”  între două servere de web Web1 și Web1, în cazul în care unul dintre ele se opreste sau devine indisponibil, toate cererile vor fi  prelucrate de către serverul disponibil, o dată ce serverul indisponibil işi revine  se va aplica “load balancing”  din nou . A se vedea topologia de mai jos.




HAProxy este  inclus în majoritatea distribuţiilor Linux  , în cazul în care folosiţi Centos , Redhat sau Fedora tastaţi urmatoarea comandă:

yum install haproxy


Dacă foloseşti Ubuntu, Debian , Linux Mint sau distribuţii derivate din Debian sau Ubuntu comanda este următoarea :


apt-get install haproxy




După ce instalarea HAProxy s-a terminat trebuie  să  editaţi fişierul de configurare , care de obicei , este în /etc/haproxy/haproxy.cfg . Documentaţia oficială pentru HAProxy 1.4 (stable) o găsiţi aici .



Fişierul de configurare care pune în aplicare topologia prezentată în diagrama de mai sus :

        user daemon
        group daemon
        log daemon

listen http
        mode http
        option tcplog

        log global
        option dontlognull

        balance roundrobin
        clitimeout 60000
        srvtimeout 60000
        contimeout 5000
        retries 3
        server web1 web1.example.com:80 check
        server web2 web2.example.com:80 check
        cookie web1 insert nocache
        cookie web2 insert nocache


Să ne oprim puţin asupra celor mai importante părţi a acestui config. Secţiunea „global” specifică userul şi grupul care va fi folosit de haproxy pentru a rula ( daemon în exemplul nostru). Linia „daemon” face ca HAProxy să ruleze în background , log daemon  specifică unde HAProxy să trimită log-urile  si unde să logheze.

Secţiunea „listen http” conţine linia „bind” care specifică ce adresă  IP şi port să primească cereri (cererile vor fi distribuite  în „load balancing” între Web1 şi Web2).  Linia „mode http” arată ca HAProxy va filtra cererile de HTTP şi va face „load balancing” pe protocolul HTTP.

Linia „balance roundrobin” specifică algoritmul de „load balancing” şi conform acestui algoritm va trimite cererile  către fiecare server web bazându-se pe ce  weight au fiecare în configul de mai sus fiind egal.

Liniile  server web1 … si server web2…                specifică serverele web disponibile  pentru „load balancing” si „failover”, în cazul nostru ele sunt echilibrate in conformitate cu algoritmul „round robin” şi au aceeaşi prioritate.

Ultimele două linii ale configuraţiei sunt optionale , acestea fac  posibilă folosirea cookie-urile , astfel încât în cazul exemplului nostru dacă suntem logaţi într-o aplicaţie web pe serverul Web1 şi mai facem o  cerere prin HAProxy şi acesta ne trimite cererea  către Web2 să rămânem logaţi in aceeaşi sesiune deschisă  ca şi pe Web1.


Tux danseaza pe melodia de la Benny Hill Show