Lockdown: unsigned module loading is restricted​

1. restart
2. press F2
3. more settings
4. Secure Boot
5. Disable

How to debug a busy process (no response)​

logging​

error occured?

pstack $PID​

whether there are many locks waiting

• use progn

(defun MyFunction(input)
  (let ((NEWNUM (find input num)))
    (if (find input num)                ; if this
        (progn
          (setq num NEWNUM)
          (FUNCT2))                     ; then execute both of these ;
      (list 'not found))))              ; else output this

• references
  • can-you-execute-multiple-statements-in-an-if-statement

iptables port map​

1. 需要先开启linux的数据转发功能

   vi /etc/sysctl.conf，将net.ipv4.ip_forward=0更改为net.ipv4.ip_forward=1
   sysctl -p  //使数据转发功能生效
   

2. 更改iptables，使之实现nat映射功能

   将外网访问192.168.75.5的80端口转发到192.168.75.3:8000端口。

   iptables -t nat -A PREROUTING -d 192.168.75.5 -p tcp --dport 80 -j DNAT --to-destination 192.168.75.3:8000
   

   将192.168.75.3 8000端口将数据返回给客户端时，将源ip改为192.168.75.5

   iptables -t nat -A POSTROUTING -d 192.168.75.3 -p tcp --dport 8000 -j SNAT --to 192.168.75.5
   

3. 查看nat，可以使用命令：iptables -t nat –list检查nat列表信息

Reference​

• [iptables实现端口映射][https://www.cnblogs.com/dongzhiquan/p/11427461.html]

SSSD and Active Directory​

1. install packages:

sudo apt install sssd-ad sssd-tools realmd adcli sssd-tools sssd libnss-sss libpam-sss adcli packagekit

2. join domain

sudo realm discover -v $DOMAIN
sudo realm join $DOMAIN

3. edit /etc/sssd/sssd.conf

$ vim /etc/sssd/sssd.conf

[sssd]
domains = ad1.example.com
config_file_version = 2
services = nss, pam

[domain/ad1.example.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD1.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad1.example.com
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad

# the following is not shown in ubuntu documentation,
# but is necessary for version after 22
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive

4. automatically create home directory

sudo pam-auth-update --enable mkhomedir

5. check

getent passwd $USERNAME@$DOMAIN

6. login

$ sudo login

ad-client login: $USERNAME@$DOMAIN
Password:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-24-generic x86_64)
...
Creating directory '/home/john@ad1.example.com'.
john@ad1.example.com@ad-client:~

• references
  • SSSD and Active Directory

Member Server in an Active Directory Domain​

1. Install packages:

sudo apt install realmd samba libnss-winbind samba-common-bin libpam-winbind winbind

2. Edit /etc/resolv.conf

nameserver # BD server ip address

3. find realm

sudo realm discover

4. Realm join

sudo realm join -v --membership-software=samba --client-software=winbind $DOMAIN REALM

5. edit /etc/nsswitch.conf

passwd:         files systemd winbind
group:          files systemd winbind

6. automatically create home directory

sudo pam-auth-update --enable mkhomedir

7. see references for more detail

• references
  • Member Server in an Active Directory Domain

How to block yum from upgrading obsoleted package?​

sudo yum --setopt=obsoletes=0 install obsoleted-package

or edit /etc/yum.conf

obsoletes=0

• references
  • How to block yum from upgrading obsoleted package?

How to Clear Cache in Linux?​

1. Clear PageCache only.

sync; echo 1 > /proc/sys/vm/drop_caches

2. Clear dentries and inodes.

sync; echo 2 > /proc/sys/vm/drop_caches

3. Clear pagecache, dentries, and inodes.

sync; echo 3 > /proc/sys/vm/drop_caches

• references:
  • Documentation for /proc/sys/vm/drop_caches

the key information to implement a memory pool​

• boundary:

How to solve the boundaries between different different chunks

• name:

How to get an allocated memory chunk

• reference count

whether the chunk is still used. I want to free the memory only if the process termination or free, with threads free, only do reference count minus 1.

• data structure:

which data structure will be efficient?

find memory leak of a running process​

cat /proc/$pid/smaps

1. find out the PID of the process

   ps -aux
   

2. capture /proc/PID/smaps and save into some file like before_meminc.txt

3. wait till memory gets increased

4. try again step 2

5. find the difference between first smaps and 2nd smaps, e.g. with

   diff -u before_meminc.txt after_meminc.txt
   

6. note down the address range where memory got increased

7. use pstack and watch command to get the right call stack

   watch -n 1 'pstack $PID | tee -a $PID.stack'
   

   C-c when we caputred right stack

8. check our stack file, find the functions between address range which we got from step 6.