configuration utility.
These contents might change dynamically if you use the kudzu hardware configuration service. The kudzu service also prompts you at boot time to remove, configure, or ignore a related setting if kudzu detects new or different hardware (such as a new USB keyboard, network card, or monitor). The kudzu service creates a file called hwconf that contains a hardware profile of your PC's current state. Note that if kudzu is not enabled or running, you can use device- specific configuration utilities such as system-config-keyboard, or you can manually edit configuration files.
Information about the type of keyboard attached to the PC, for example, is contained in the file /etc/sysconfig/keyboard:
KEYBOARDTYPE='pc'
KEYTABLE='uk'
Here the keyboard in use is the U.K. layout, but if you are in the United States, you will likely see this:
KEYBOARDTYPE='pc'
KEYTABLE='us'
If you are new to Linux, the system-config-keyboard client is the best tool to use to configure a keyboard. You should manually edit system hardware configuration files used by graphical management clients only as a last resort.
Protect the Contents of User Directories — /home
The most important data on a Linux system resides in the user's directories, found under the /home directory. Segregating the system and user data can be helpful in preventing data loss and making the process of backing up easier. For example, having user data reside on a separate file system or mounted from a remote computer on the network might help shield users from data loss in the event of a system hardware failure.
Use the Contents of the /proc Directory to Interact with the Kernel
The content of the /proc directory is created from memory and exists only while Linux is running. This directory contains special 'files' that either extract information from or send information to the kernel. Many Linux utilities extract information from dynamically created directories and files under this directory, also known as a meminfo:
$ free
total used free shared buffers cached
Mem: 1026320 822112 204208 0 41232 481412
-/+ buffers/cache: 299468 726852
Swap: 2031608 0 2031608
This information constantly changes as the system is used. You can get the same information by using the cat command to see the contents of the meminfo file:
$ cat /proc/meminfo
MemTotal: 1026320 kB
MemFree: 204200 kB
Buffers: 41252 kB
Cached: 481412 kB
SwapCached: 0 kB
Active: 307232 kB
Inactive: 418224 kB
HighTotal: 122692 kB
HighFree: 244 kB
LowTotal: 903628 kB
LowFree: 203956 kB
SwapTotal: 2031608 kB
SwapFree: 2031608 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 202804 kB
Mapped: 87864 kB
Slab: 21736 kB
SReclaimable: 12484 kB
SUnreclaim: 9252 kB
PageTables: 5060 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 2544768 kB
Committed_AS: 712024 kB
VmallocTotal: 114680 kB
VmallocUsed: 6016 kB
VmallocChunk: 108148 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
Hugepagesize: 4096 kB
The /proc directory can also be used to dynamically alter the behavior of a running Linux kernel by 'echoing' numeric values to specific files under the /proc/sys directory. For example, to 'turn on' kernel protection against one type of denial-of-service (DoS) attack known as SYN flooding, use the echo command to send the number 1 (one) to the following /proc path:
# echo 1 >/proc/sys/net/ipv4/tcp_syncookies
The Linux kernel has a number of built-in protections, but good system administration security policies and a secure firewall protecting your gateway, router, or Internet-connected system are the best protection you can use. See Chapter 30, 'Securing Your Machines,' for an overview of firewalling and examples of how to implement network security tools included with Fedora.
Other ways to use the /proc directory include
> Getting CPU information, such as the family, type, and speed from / proc/cpuinfo.
> Viewing important networking information under /proc/net, such as active interfaces information under /proc/net/dev, routing information in /proc/net/route, and network statistics in /proc/net/netstat.
