16 Linux Troubleshooting Steps

Uploaded by

iftikhar ahmed

16 Troubleshooting Linux Systems


Lesson Time: 1 hour, 15 minutes

Lesson Introduction
While working with a Red Hat® Enterprise Linux® operating system, users may
experience unexpected technical issues. To provide uninterrupted services to the
users, you need to be able to solve the problems that arise while functioning. In this
lesson, you will troubleshoot Linux-related issues.

As an administrator managing multiple systems on a network, you would have
installed various services and packages required by users. However, when several
users start using the systems, there may be instances when the applications and
services do not function as desired. As the administrator, you will be expected to
determine and resolve the problems.

Lesson Objectives
In this lesson, you will troubleshoot Linux system issues. You will:

• Use the Linux rescue environment for troubleshooting the Linux system issues.
• Troubleshoot hardware issues.
• Troubleshoot network connection and security issues.

TOPIC A Troubleshoot System-Based Issues


Previously, you managed hardware devices that help make up an entire Linux system.
While Linux is inherently a stable system, it does need troubleshooting and servicing
from time to time. While working with Linux, you may experience issues that may
prevent you from using the system or its services. In this topic, you will troubleshoot
system-based issues to help recover the Linux system.

As an administrator managing multiple systems on a network, you will eventually
experience a wide variety of issues with the Linux operating system. Without proper
identification and analysis, finding a solution will not only be time-consuming, but
also cumbersome. Therefore, you must familiarize yourself with the procedures
required to identify these issues and solve them efficiently.

Troubleshooting Strategies
Troubleshooting is the recognition, diagnosis, and resolution of problems.
Troubleshooting begins with the identification of a problem, and it does not end until
services have been restored and the problem no longer adversely affects users.
Troubleshooting can take many forms, but all approaches have the same goal: to solve
a problem efficiently with a minimal interruption of service. A troubleshooting
strategy is a plan of action for identifying the causes and resolving the effects of a
system-related issue. Various guidelines have to be considered while troubleshooting.

Guideline Description

Analyze the problem. Before attempting to troubleshoot an issue, try to identify the problem through its sym
and configuration files.
Also, check if the relevant services are working properly.

Back up data. Before experimenting with issues in configuration files, log files, or any other import
further complication of the issues.

Eliminate possible causes. Observe whether the issue is related with the hardware, an application, a process, or a
cause. Eliminating the root cause will rectify all the related issues.

Adopt fundamental problem-solving approaches. After identifying the underlying causes, try out the fundamental methods of resolving

A Basic Troubleshooting Model

A troubleshooting model is a standardized step-by-step approach to the
troubleshooting process.

The model serves as a framework for correcting a problem on a network without
introducing further problems or making unnecessary modifications to the network.
Models can vary in the sequence, number, and name of the steps involved, but all
models have the same goal: to move in a methodical and repeatable manner through
the troubleshooting process.

Some companies have developed troubleshooting processes that are systematic and logical.
Following these guidelines will help you find and correct problems on your network
quickly and efficiently.

One troubleshooting model divides the troubleshooting process into the following
steps.
1. Identify the problem. This stage includes:
• Gathering information.
• Duplicating the problem, if possible.
• Questioning users to gain experiential information.
• Identifying the symptoms.
• Determining if anything has changed.
• Approaching multiple problems individually.
2. Establish a theory of probable cause. This stage includes:
• Questioning the obvious.
• Considering multiple approaches, such as examining the OSI (Open System Interconnect) mo
conquering.
3. Test the theory to determine the cause.
a. When the theory is confirmed, determine the next steps to resolve the problem.
b. If the theory is not confirmed, establish a new theory or escalate the issue.
4. Establish a plan of action to resolve the problem, while identifying the potential effects of your
5. Implement the solution, or escalate the issue.
6. Verify full system functionality and, if applicable, implement preventative measures.
7. Document your findings, actions, and the outcomes.
Troubleshooting can be a difficult process. It is not likely that anyone can develop a
complete and accurate approach to troubleshooting, because troubleshooting is often
done through intuitive guesses based on experience.

The Linux Rescue Environment


The Linux rescue environment is a stand-alone Linux program for troubleshooting a
corrupt Linux installation. It serves as an external environment through which errors
in the Linux system can be fixed without the help of the existing installation files. The
rescue environment mounts the standard Linux system directories in the
/mnt/sysimage directory. These directories are mounted either in read-write mode or
read-only mode, depending on the kinds of issues.
Figure 16-1: The rescue environment for troubleshooting Linux issues.

Note: In some cases, when system directories cannot be mounted on the /mnt/sysimage directory, the prompt will

chroot Mode

The chroot mode shifts the root (/) directory to a different location for recovery. It is
also known as jail mode because it can be used in production scenarios to ensure a
user will not be able to access any other file or directory except this directory and its
subdirectories.

Troubleshooting the Boot Process

The following table can help you troubleshoot the boot process.

Cause Solution

If the boot loader screen does not appear, then GRUB (GRand Unified Bootloader) may not be properly Reconfigure the /bo
configured.

If the grub> prompt appears, then GRUB may be corrupted. Install GRUB again

If the kernel does not load, then the kernel image may be corrupted. Install a new kernel
If the kernel does not load, then the parameter passed during the system startup may be wrong. Specify the correct

If there is a kernel panic, then: Use the applicable s

1. The boot loader may have been misconfigured. In rescue m

2. The /etc/inittab file is misconfigured, or Systemd configuration is incorrect or incomplete. In rescue m

3. The root filesystem is misconfigured. In rescue m

If the kernel loads, but /etc/rc.d (or systemd settings) causes an issue, then the /etc/fstab file may have In rescue mode, fix
an error.

If the kernel loads, but /etc/rc.d (or systemd settings) causes an issue, then the fsck utility may have In rescue mode, run
failed.

If the services do not start correctly, then they may not have been configured properly. Configure the servic

Rescue Environment Utilities


A set of utilities is available in the rescue environment to troubleshoot different issues.

Category Utility

Disk maintenance utilities
• LVM (Logical Volume Manager) utilities such as lvcreate, lvresize, and lvremove.
• Software RAID (Redundant Array of Independent Disks) utility such as mdadm.
• Disk partitioning and swap utilities such as fdisk, sfdisk, gdisk, mount, umount, and mkswap.
• Filesystem utilities such as mkfs, tune2fs, fsck, e2fsck, and XFS utilities.

Networking utilities
• Network debugging utilities such as ip, ifconfig, route, dig, netstat, traceroute, host, and hostname.
• Network connectivity utilities such as ssh, ftp, and scp.

Other utilities
• Shell commands such as chroot and bash.
• Process management tools such as ps and kill.
• Editors such as vi and nano.
• File management commands such as cd, ls, cp, rm, and mv.
• Kernel management utility such as sysctl.
• Package management tools such as rpm and yum.
• Archiving and compression utilities such as tar and gzip.

Environment Configuration Problems


Configuration problems could prevent a user from logging in to a system and
accessing the services provided by the server. Other problems could also be caused
due to system variables or due to user and group accounts. The symptoms, causes, and
solutions for common configuration problems are provided in the following table.

Symptom Cause and Solution

The user is unable to create a user or a group account. Cause: The user does not have admin privileges, or the system is u
Solution: Check whether the required privileges are granted to the
account.

The user is unable to log in. Cause: The settings in the user account or the group account could
Solution: Check the user or group account settings, including the p

The user is unable to access files and directories. Cause: The required permission is not granted to the user.
Solution: Check the user or group quota and the privileges granted
The user is unable to execute basic commands or applications. Cause: The environmental variable is not properly set.
Solution: Check the environmental variables and the library files o

The scheduled jobs are not executed. Cause: The crond daemon has not started or stopped due to the inv
Solution: Check whether the crond daemon is running.
Otherwise, check whether the configuration set in the crontab file

The user is unable to switch between the runlevels. Cause: The PATH variable is not set properly or permission is not
Solution: Check whether the user is granted the necessary privileg
PATH variable.

Core System Variables

Core system variables affect the behavior of applications and commands. Some of the
system variables and their functions are given in the following table.

Use This Variable If You Need To Specify

HOSTNAME={hostname} The hostname of the system.

SHELL={shell path} The shell path for the system.

MAIL={mail path} The path where mail will be stored.

HOME={home directory} The home directory of the user.

PATH={user path} The path in which the user needs to operate.

HISTSIZE={number} The number of entries to be stored in the history.

USER={user name} The name of the user.

Single-User Mode
Single-user mode in Linux can be initialized by changing the runlevel to 1. It is used
when the system does not allow you to log in after booting. The networking feature is
disabled in single-user mode, which makes it an ideal mode to troubleshoot network
problems. Single-user mode can be used for filesystem checks, because most of the
partitions are not mounted in runlevel 1. This mode can even be used to recover the
root password.
Figure 16-2: Changing the root user password in single-user mode.

Boot Disks
A boot disk contains operating system files, such as init, klogd, and syslogd, required
to start a system.

It can be a hard disk, floppy disk, CD-ROM, DVD-ROM, or USB (Universal Serial
Bus) drive. The boot disk contains configuration files, startup files, and programs. The
boot disk is used to boot a system following a hard disk crash. Some distributions use
the first CD in the installation set as the boot disk. Other distributions allow you to
create a floppy disk that can be used to boot the system.

Figure 16-3: Contents of a boot disk.


Ramdisks

A ramdisk is a portion of memory that is allocated and used as a partition. The
memory allocated as ramdisk is treated as a hard drive. Frequently accessed files can
be placed in the ramdisk, which in turn will increase the performance of the system.

The ramdisk word Keyword

The ramdisk word keyword is a keyword that specifies the location of the root
filesystem. The ramdisk word can be set and accessed using the rdev command.

The boot.iso File

The boot.iso file is an ISO 9660 image that is used to create bootable CD-ROMs or
DVD-ROMs. This image file can be burned onto a CD-ROM, which can then be used for
installing Linux, just like the original installation media itself. The boot speed of CD-
ROMs is also an added advantage.

The diskboot.img File

The diskboot.img file is a VFAT (Virtual File Allocation Table) filesystem image that
is used to create bootable USB pen drives. Once the image is written onto the USB, it
can then be used as a media for Linux installation. However, using a USB to boot a
system depends on the BIOS (Basic Input/Output System) settings.
The diskboot.img image file should be written onto the USB using the dd command.

Root Disks
A root disk contains directories, such as etc, bin, home, and so on, which contain files
required to run a Linux system. It need not contain a kernel or a boot loader. The root
disk can run a system without depending on any other disk.
Figure 16-4: Components of the root disk.

Zero-Filled Files
There are times when you might need to create a filesystem that does not contain any
data or partition table. One of these times might be when you need to build a
compressed root filesystem.

To do this, you need to create a zero-filled file, partition, or ramdisk. The dd
command can be used to create a zero-filled file or partition, which overwrites the
disk with zeroes, effectively wiping out all data. This command erases data and
partition tables, if any. By creating the zero-filled file or partition, you will be able to
compress a filesystem to the maximum.
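The following script is an added example and is not part of the lesson. It creates a zero-filled file with dd in a scratch directory, checks that the file really contains nothing but zero bytes, and measures how small such a file becomes under gzip, which is why a zero-filled image is the starting point for a compressed root filesystem. The 4 MiB image size and the file name root.img are assumptions for the demo; no real partition is written.

```shell
#!/bin/sh
# Added example, not from the lesson: zero-filled file created with dd,
# verified to be all zeros, then compressed to show the size reduction.
# Everything happens in a temporary directory; no device is touched.
set -eu

# Create a file of $2 KiB filled with zeros by reading from /dev/zero.
make_zero_file() {   # $1 = path, $2 = size in KiB
    dd if=/dev/zero of="$1" bs=1024 count="$2" 2>/dev/null
}

# Size of a file in bytes.
file_size() {
    wc -c <"$1" | tr -d ' '
}

# Number of non-zero bytes in a file (0 means the file is entirely zeros).
nonzero_bytes() {
    tr -d '\000' <"$1" | wc -c | tr -d ' '
}

# Size in bytes after gzip compression (streamed; nothing is written to disk).
gzip_size() {
    gzip -c "$1" | wc -c | tr -d ' '
}

# Demo run in a scratch directory (4 MiB image, name assumed for the example).
work=$(mktemp -d)
img="$work/root.img"
make_zero_file "$img" 4096
echo "size: $(file_size "$img") bytes, non-zero bytes: $(nonzero_bytes "$img")"
echo "gzip size: $(gzip_size "$img") bytes"
# Writing such an image over a device (dd ... of=/dev/sdX) wipes that device,
# as the text above says, so this demo never does it.
rm -rf "$work"
```

The nonzero_bytes check is the one to run before trusting an image: dd reports the byte count it copied, but a short read or a wrong `of=` path is only caught by inspecting the result.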

Kernel Panic
If a user is unable to boot a system, it may be due to disk errors caused by hardware
devices. When the "Kernel Panic" message is displayed, the filesystem is corrupted or
inaccessible. To resolve this issue, log in to rescue mode and perform an integrity
check on the filesystem.

How to Troubleshoot Linux-Based Issues


Follow these general procedures to troubleshoot Linux-based issues.
Analyze a Problem by Gathering Data

To analyze a problem by gathering data:

1. Log in to the CLI as root.
2. Gather data about the issue using appropriate commands and files.
• To analyze the history of commands run by the user, enter history.
• To find the specified keyword in the log file while troubleshooting, enter grep {keyword} {lo
• To view if there are any changes in the file compared with the last backed up state, enter diff
• To find all the files that were modified within a specified timing, enter find {location of the d
• To collect more information when the specified command is run, enter strace {command}.
• To list all open files of all active processes in a system, enter lsof.
• To view the log file as and when it is updated, enter tail -f {log file name}.
• Configure system logs to log all debug messages.
a. To open the system log configuration file, enter vi /etc/rsyslog.conf.
b. To set the type and level of severity to be logged in the specified file, type {facility} {level
c. Save and exit.
d. To restart the system log service and apply the changes, enter service rsyslog restart.
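The script below is an added example, not part of the lesson, that turns the data-gathering commands above (grep on a log file, find for recently modified files, diff against a backup, tail on a log) into small shell functions and runs them over constructed sample data. The host name web01, the log lines and the sshd_config contents are all made up for the demo.

```shell
#!/bin/sh
# Added example, not from the lesson: helpers that mirror the data-gathering
# steps (grep, find, diff, tail). All inputs are constructed in a temporary
# directory so the script runs offline.
set -eu

# Count lines in a log file containing a keyword (case-insensitive):
# the "grep {keyword} {log file}" step. grep exits 1 on zero matches,
# so the count is still printed and the script keeps going.
count_matches() {   # $1 = log file, $2 = keyword
    grep -ic -- "$2" "$1" || true
}

# List files under a directory modified within the last N minutes:
# the "find {location} -mmin -N" step, one path per line.
recently_modified() {   # $1 = directory, $2 = minutes
    find "$1" -type f -mmin "-$2"
}

# Compare a live config file with its backup: the "diff" step.
# Returns 0 if they differ, 1 if they are identical.
config_changed() {   # $1 = current file, $2 = backup file
    if diff -u "$2" "$1" >/dev/null; then return 1; else return 0; fi
}

# Show the last N lines of a log (the one-shot form of "tail -f").
last_lines() {   # $1 = log file, $2 = line count
    tail -n "$2" "$1"
}

# --- constructed sample data (hypothetical host "web01", not real logs) ---
demo_dir=$(mktemp -d)
log="$demo_dir/messages"
cat >"$log" <<'EOF'
Mar  3 10:01:12 web01 systemd[1]: Started Session 12 of user alice.
Mar  3 10:02:40 web01 kernel: sd 0:0:0:0: [sda] I/O error, dev sda, sector 2048
Mar  3 10:02:41 web01 kernel: EXT4-fs error (device sda1): ext4_find_entry:1455
Mar  3 10:03:05 web01 sshd[2211]: Accepted publickey for alice from 192.0.2.10
EOF
printf 'PermitRootLogin no\nPasswordAuthentication no\n' >"$demo_dir/sshd_config.bak"
printf 'PermitRootLogin yes\nPasswordAuthentication no\n' >"$demo_dir/sshd_config"

echo "error lines in messages: $(count_matches "$log" error)"
echo "files modified in the last 5 minutes:"
recently_modified "$demo_dir" 5
if config_changed "$demo_dir/sshd_config" "$demo_dir/sshd_config.bak"; then
    echo "sshd_config differs from its backup:"
    diff -u "$demo_dir/sshd_config.bak" "$demo_dir/sshd_config" || true
fi
echo "last two log lines:"
last_lines "$log" 2
rm -rf "$demo_dir"
```

The diff against a known-good backup is the check that pays off most on a security incident: a changed PermitRootLogin line, as in the sample, is exactly the kind of modification that a keyword search of the logs would not reveal.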

Use the Linux Rescue Environment

To use the Linux rescue environment:

1. To boot from the recovery disc, ensure that your system is set to boot from your DVD drive, mo
2. Insert the CentOS Installation DVD into the DVD drive and boot the system.
3. To view the Troubleshooting menu, at the boot menu, press the Down Arrow once to select Trou
4. To enter rescue mode, on the Troubleshooting menu, press the down arrow once to select
Rescue a CentOS system and press Enter.
5. To enter rescue mode, on the Rescue menu, press the Tab key once to select Continue and press
6. A message is displayed, stating that the root partition will be mounted in the /mnt/sysimage direc
select OK.
7. A message is displayed, stating that your system has been mounted under the /mnt/sysimage dire
8. The root directory is now mounted on the ramdisk and a shell prompt is displayed. To change th
the /mnt/sysimage directory, enter chroot /mnt/sysimage.
9. Troubleshoot to find the cause of system failure and make the necessary changes to recover the
10. To exit the chroot environment, enter exit.
11. Enter sync so that the changes you made are reflected in the filesystem on the hard disk.
12. To exit from rescue mode, enter exit. The system will now reboot.

TOPIC B Troubleshoot Hardware Issues


In the last topic, you corrected system-based issues in a Linux system. In addition to
the system itself, hardware devices may get corrupted and may not work properly. In
this topic, you will troubleshoot hardware issues.

Systems may be connected to external devices such as speakers or modems.
Sometimes, these devices may not work properly. Finding the cause of the problem
and fixing it will help you solve hardware issues and keep systems functioning
smoothly.

Troubleshooting Tools
There are many troubleshooting tools that you can use, depending on the type of
problem you are facing and the environment in which you are working. Some of these
tools are described in the following table.

Tool Description

dmesg A system administration command that is used to examine and control the kernel initialization process. It is u
during kernel initialization. Status messages can also be accessed from the /var/log/ dmesg file.

/dev A file that is used to create a boot or recoverable disk.

GNU Parted A program that allows you to create, destroy, resize, move, and copy hard disk partitions.

HardDrake A service that provides hardware detection in a graphical interface.

KNOPPIX A bootable CD (or DVD) that contains GNU/Linux software, which includes automatic hardware detection a

ifconfig A command that is used to view the IP address and subnet mask and verify that they are allocated. It can also

/proc and /sys The /proc and /sys filesystems are pseudo-filesystems that are used as an interface to the kernel data structure

Starting and Stopping Processes to Locate and Correct Problems


Both services and processes can be stopped and restarted. This can sometimes be used
to fix problems. You can use the ps command along with the grep command to locate
processes that you need to check on. You can then kill the processes if necessary.

The pgrep command is used to look up or signal processes based on their names or
other attributes. It looks through the running processes and lists PIDs that match the
criteria you specify.

For instance, the pgrep -u root sshd command lists only processes named sshd that
are owned by the root user. The command pgrep -u root,daemon lists all processes
owned by root or daemon.

The pkill command can be used in conjunction with the pgrep command to stop
processes.

Starting and stopping processes is just one more way to troubleshoot problems. When
you see a certain symptom, such as a process taking too long, you should first check
on the process using the ps or pgrep command; then if necessary, end the process
using the kill or pkill command. You should next examine the process (the script or
other command sequences associated with that process) and check for any problems.
After fixing the problems, you should try running the command or script again. Check
on it periodically to see if it is working properly.
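The script below is an added example, not part of the lesson, that walks through the locate-then-stop cycle described above with pgrep and pkill. To keep it harmless it starts its own target (a sleep with an unusual argument, built at run time so the script text never contains the literal pattern), finds it by full command line and owner, stops it, and confirms it is gone. The pgrep/pkill options used (-u, -f, -x) are standard procps options.

```shell
#!/bin/sh
# Added example, not from the lesson: locate a process with pgrep, stop it
# with pkill, and verify the result. The target is a "sleep" started by this
# script itself, so nothing else on the host is affected.
set -u

TARGET_SECS=$((2000 + 718))        # 2718: chosen so no other process matches
TARGET_CMD="sleep $TARGET_SECS"    # full command line of the target
TARGET_PID=''

# Start the background target; its PID is kept in TARGET_PID so the shell
# can later reap it with "wait".
start_target() {
    $TARGET_CMD &
    TARGET_PID=$!
}

# PIDs whose full command line (-f) exactly (-x) matches the pattern and
# that are owned by the current user (-u), one per line; empty if none.
find_by_pattern() {   # $1 = pattern
    pgrep -x -u "$(id -un)" -f -- "$1" || true
}

# Send SIGTERM to every process matching the same criteria.
stop_by_pattern() {   # $1 = pattern
    pkill -x -u "$(id -un)" -f -- "$1" || true
}

# 0 while the PID still exists, 1 once it is gone. The child is reaped with
# "wait" first so that a zombie is not mistaken for a live process.
is_alive() {   # $1 = PID
    wait "$1" 2>/dev/null || true
    kill -0 "$1" 2>/dev/null
}

# Demo run: start, find, stop, verify.
start_target
echo "started target as PID $TARGET_PID"
echo "pgrep reports: $(find_by_pattern "$TARGET_CMD")"
stop_by_pattern "$TARGET_CMD"
if is_alive "$TARGET_PID"; then echo "target still running"; else echo "target stopped"; fi
```

Restricting pkill by owner and by an exact full command line is the habit worth keeping: a bare `pkill -f sleep` would match every process whose command line contains the word, including an administrator's own shell session if the pattern happens to appear in it.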

Hardware Problems
Hardware devices may experience failures anytime while the system is being used.

Symptom Cause and Solution

The user is unable to hear from the speakers. Cause: The speaker or the sound card is not functioning proper
Solution: Check the speaker and its corresponding driver. If yo

A system connected to the UPS shuts down abruptly. Cause: The UPS is malfunctioning, or there is a mismatch betw
Solution: Check the serial ports, the cable, and the configuratio

The user is unable to move the pointer in GUI mode. Cause: The mouse does not function properly due to the config
Solution: Unplug and reconnect the mouse, then restart the sys

The user is unable to access the CD/DVD drive. Cause: The drive is not mounted or there is some problem with
Solution: Check whether the read/write indicator is on.
Otherwise, check the power cable connected to the drive.

Viewing Hardware Details

Some commands that are frequently used for viewing hardware details are listed in the
table.

Command Used To

/usr/bin/dmesg View bootup messages.

/sbin/lspci View information about Peripheral Component Interconnect (PCI) cards.

/sbin/lsusb View information about USB devices.

/usr/bin/lscpu View information about the installed CPU(s).

/sbin/lsmod View a list of loaded modules.

/bin/uname View system information such as the kernel name, release and version numbers, hardware platform

Guidelines for Troubleshooting Hardware Issues


Follow these general guidelines to help you troubleshoot hardware issues.

Troubleshoot Sound Issues

To troubleshoot sound issues:

• Verify that the speaker is connected, switched on, and is functioning.


• If the speaker is functioning but the problem persists, verify that the sound card is detected while b
1. Verify that the sound card is listed in the output of the lspci command.
2. If the sound card/device is not detected, contact your hardware engineer to resolve the sound is
• If the sound card/device is detected and the problem still persists, verify that the sound card modu
1. Verify that the sound card module details are listed in the output of the lsmod command and
lsmod {module name} command.
2. If the sound card module is not loaded, add an entry for the sound card in the /etc/modprobe.con
number and the name of the module used for the sound card and specify it in the format alias so
slot-{slot number} {module name}.
Note: The /lib/modules/[kernel version]/kernel/sound directory contains modules for the sound card.

3. To load the module automatically, reboot the system.

Note: You can also load the module using the modprobe or insmod command. If you want to use the modprobe

Troubleshoot Issues Related to UPS Devices

To troubleshoot issues related to UPS devices:

• Verify that the UPS device is connected properly to the server.


• Verify that the serial port is configured correctly.
1. Verify that the settings listed in the output of the setserial -a /dev/ttyS0 command match your
2. If necessary, change the serial port settings, using the commands setserial /dev/ttyS{port number} {spd_normal | spd_hi | spd_vhi} and setserial /dev/ttyS{port number} baud_
• If the UPS device is still not working properly, then the issue is hardware related. Contact your ha
Troubleshoot Mouse Issues

To troubleshoot mouse issues:

• Verify that the mouse is connected properly to the system.


• Reboot the system.
• If the mouse is still not working, then the issue is hardware related. Contact your hardware engine
Troubleshoot DVD Disk Problems

To troubleshoot DVD disk issues:

• Verify that the power connector to the drive is connected and working.
• If the connection is not powered on, then there is a problem with the power connector.
1. Verify that the drive access light indicator is glowing.
2. If it is not glowing, the power connector needs to be checked and replaced.
• If the power connector is working and the access issue persists, then there is a problem with the D
1. With your hardware engineer's help, verify that the DVD drive is functioning properly.
2. If the DVD drive is functional, verify that your DVD is functioning properly.
Troubleshoot Printing Problems

To troubleshoot printing problems:

• Verify that the printer cables are connected properly and the power source is switched on.
• Verify that the paper trays are stocked.
• To verify that the printer daemon is running, enter systemctl status cups.service and, if the daemon
• Check the status of the print job in the queue.
• In the CLI or in the GUI terminal window, enter lpq -P {print queue name}.
• To restart the CUPS service, enter service cups restart.
• To verify that the print job is getting executed, enter lpr {file name}.

TOPIC C Troubleshoot Network Connection and Security Issues

In the previous topics, you identified and solved system- and hardware-based issues in
Linux. In a networking environment, Linux systems will be prone to connection- and
security-related issues.

You need to continually identify and prepare for vulnerabilities. In this topic, you will
troubleshoot network connection and security issues.

Security encompasses a number of different aspects, from passwords and permissions
to data encryption, firewalls, and even physical security. Despite all this protection, if
you are not aware of the symptoms that lead to security breaches, or if you are not
familiar with steps required for repairing corrupted files, your network will remain
open and vulnerable to potential attacks.

Network Issues
If users are unable to connect to a network, they will not be able to log in to their
systems or access the services or shared resources. Network problems can be
categorized as hardware-related issues and service-related issues. Hardware-related
network issues can be solved by checking the network devices, including the network
cable and the network card. Service-related network issues can be fixed by checking
the network settings of a system or the server.
Network Troubleshooting Utilities
The traceroute, ping, and arp utilities are very useful in troubleshooting issues related
to remote network services.

Utility Used To

traceroute Track the route data that it takes to get to its destination. Utilizing the Time to Live (TTL) field of the IP protoco
(ICMP) Time_Exceeded response from each gateway encountered on the path between the sender and the final d
User Datagram Protocol (UDP) probe packets are sent with a short TTL. The traceroute utility then listens for an
ICMP Port_Unreachable response, which means that you either got to the host or reached the default maximum n
pass through) is printed to your screen; if no response is received within five seconds, an asterisk ( * ) is printed f

ping Verify that a system can be reached on a network. It checks the hostname, the IP address, and whether the remote
ping uses the ICMP Echo_Request datagram to check connections among hosts, by sending echo packets and the

arp Display information, such as the hardware address, the hostname, and the network interfaces, about the Address

ARP

Address Resolution Protocol (ARP) is a network protocol that is used by IP to map
network addresses to MAC addresses.

Symptoms of Network Security Problems


There are a variety of ways that security can be compromised on a system. It is
recommended that you check the Linux log files before troubleshooting. Some
symptoms that indicate potential security problems include:

• Disruption or Denial-of-Service (DoS).


• Unauthorized system use for processing data.
• Unexplained system hardware changes.
• Theft (data information and vandalism).
• Unusual software characteristics.
• Suspected virus outbreak.
Security Tips

Avoid using authentication methods based solely on IP addresses. Keep network
packages up-to-date, and be aware of the new versions of programs such as Berkeley
Internet Name Domain (BIND), Postfix, and Secure Shell (SSH). Disable unnecessary
network services.

System Security Monitoring Tools
Various tools can be used to effectively monitor a system for any security issue and
identify symptoms.

Tool Description

System Log Files There are three types of system log files that can help in monitoring system security:
Log: This file contains information about connections established and files transferred.
Stats: This file lists file transfer statistics.
Debug: This file contains debugging information and login and password information for rem

Central Network Log Server The reports generated from the server contain useful information on server logs and online ale

chkconfig and systemctl These commands can be used to check configuration files and update and query runlevel infor

Troubleshoot Security Issues

To troubleshoot security issues:

1. Check the /var/log/messages file for warnings or errors.
2. Check the /var/log/secure file for warnings or errors.
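Checking /var/log/secure by eye does not scale once a host is exposed to the Internet, so the script below, an added example that is not part of the lesson, shows what "check for warnings or errors" looks like as a repeatable scan: it summarises failed SSH password attempts per source address, flags sources above a threshold, and counts accepted root logins. The log lines are constructed in the sshd format; the addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 and the host web01 is invented.

```shell
#!/bin/sh
# Added example, not from the lesson: scan an sshd log in /var/log/secure
# format for failed logins, summarise attempts per source, and flag sources
# above a threshold. Sample log lines are constructed for the demo.
set -eu

# Print "count ip" for every source address with failed password attempts,
# most active first.
failed_by_source() {   # $1 = log file
    grep 'Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# List source addresses whose failed attempts reach the threshold.
flag_sources() {       # $1 = log file, $2 = threshold
    failed_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Count accepted logins for the root account (each one deserves a look).
root_logins() {        # $1 = log file
    grep -c 'Accepted .* for root ' "$1" || true
}

demo_log=$(mktemp)
cat >"$demo_log" <<'EOF'
Mar  3 02:11:01 web01 sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 02:11:03 web01 sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 02:11:05 web01 sshd[4104]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 02:11:09 web01 sshd[4106]: Failed password for root from 203.0.113.7 port 51038 ssh2
Mar  3 02:12:40 web01 sshd[4110]: Failed password for alice from 198.51.100.5 port 40412 ssh2
Mar  3 02:12:52 web01 sshd[4110]: Accepted publickey for alice from 198.51.100.5 port 40412 ssh2
Mar  3 02:15:17 web01 sshd[4120]: Accepted password for root from 203.0.113.7 port 51102 ssh2
EOF

echo "failed attempts per source:"
failed_by_source "$demo_log"
echo "sources with 3 or more failures:"
flag_sources "$demo_log" 3
echo "accepted root logins: $(root_logins "$demo_log")"
rm -f "$demo_log"
```

In the sample the same address that produced four failures is later accepted as root with a password, which is the pattern a defender wants surfaced: the failures alone are noise, the failures followed by a success are an incident.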

Network Security Vulnerabilities


Although Linux is considered a secure operating system, a network of systems can
still have unauthorized users gaining access. Once an attacker gains access to a
system, almost any security system can be compromised.

Vulnerabilities include:

• Proliferation of worms and viruses via email messages.


• Malicious execution of programs by a user with root privileges.
• Potential hole in the Linux kernel.
• Passwords that can be easily deciphered.
• Services running on the system such as File Transfer Protocol (FTP), Server Message Block (SMB
(SNMP).
• Domain spoofing.
• DNS servers running vulnerable versions of BIND.
• Remote Procedure Calls (RPCs).

IP Spoofing

IP spoofing is a technique for changing, or spoofing, your IP address in order to fool
the target system into believing that your IP identity is actually another system with
the spoofed address.

Software Vulnerabilities

Software vulnerabilities account for many successful attacks because attackers are
opportunistic.

They exploit well-known flaws using the most effective and widely available attack
tools. They also count on organizations that do not fix the problems and scan the
Internet for vulnerable systems.

BIND Attack

In a BIND attack, an intruder can erase your system logs and install tools to gain
administrative access. In addition, once the attacker has gained access, he or she uses
the attacked system to scan for and attack other network systems running vulnerable
versions of BIND. In effect, the intruder uses the compromised system to attack
hundreds of remote systems, resulting in additional successful compromises.

Sendmail Flaws

Over the years, flaws have been found in Sendmail. In one of the most common
intrusions, the attacker sends a crafted mail message to a machine running Sendmail.
Sendmail, in turn, interprets the message as instructions requiring it to send the
password file to the attacker’s machine.

SNMP Flaws

SNMP uses an unencrypted community string as an authentication mechanism, and
the default community string used by many SNMP devices is public. Sniffed SNMP
traffic can reveal information about the structure of your network, as well as the
systems and devices attached to it.
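As an added example that is not part of the lesson, the script below audits a net-snmp snmpd.conf for the weakness just described: it reports the default community strings public and private, communities that accept requests from any source, and write access over a community. It then shows a weak file beside a hardened one (a long read-only community limited to a management network, plus an SNMPv3 user with authentication and encryption). Both files, the community string, the user name monitor and the passphrases are placeholders constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the lesson: audit snmpd.conf (net-snmp syntax)
# for default or unrestricted v1/v2c community strings. The two config
# files below are constructed for the example.
set -eu

# Print one finding per line; prints nothing when the file looks fine.
# Returns 0 when clean, 1 when at least one finding was reported.
audit_snmpd_conf() {   # $1 = path to snmpd.conf
    findings=$(awk '
        /^[[:space:]]*#/ || NF == 0 { next }          # skip comments, blanks
        $1 ~ /^(ro|rw)community6?$/ {
            if ($2 == "public" || $2 == "private")
                print "default community string \"" $2 "\" on line " NR
            if (NF < 3)
                print "community \"" $2 "\" accepts any source on line " NR
            if ($1 ~ /^rw/)
                print "write access via community \"" $2 "\" on line " NR
        }' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

work=$(mktemp -d)

# Weak configuration: factory-default strings, reachable from anywhere.
cat >"$work/weak.conf" <<'EOF'
rocommunity public
rwcommunity private
EOF

# Hardened configuration: read-only community limited to the management
# network, and an SNMPv3 user requiring authentication and privacy
# (community string, user name and passphrases are placeholders).
cat >"$work/hardened.conf" <<'EOF'
rocommunity ChangeMe-Long-Random-String 192.0.2.0/24
createUser monitor SHA "auth-passphrase-placeholder" AES "priv-passphrase-placeholder"
rouser monitor priv
EOF

for f in weak hardened; do
    echo "== $f.conf"
    if audit_snmpd_conf "$work/$f.conf"; then echo "no findings"; fi
done
rm -rf "$work"
```

Restricting the source network only limits who can talk to the agent; because v1 and v2c still send the community string in clear text, the sniffing risk described above is removed only by the SNMPv3 "priv" level in the hardened file.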

Honeypot Systems
A system designed to attract attackers is known as a honeypot. If an attacker manages
to get past your packet filter and starts scanning for options, the honeypot should be
the system configured to look like it is vulnerable to known attacks. A honeypot
system should not be too easy to spot because a savvy intruder will be tempted to look
further on the network.

Figure 16-5: The functioning of a honeypot.


Goals of a Honeypot

There are several goals for a honeypot:

• To provide a lure so that attackers stay away from other equipment. You want the attackers to see
access to. This system needs to be as such that the attacker focuses his or her energy on exploiting
sitting right next to it.
• To know that the honeypot system will be attacked, so that you can take extra measures when logg
frequently—perhaps hourly or daily if your network is a high-profile target.
• To increase the ability to detect and respond to incidents. The theory is that if you are aware of wh
prepared to defend or, if possible, prevent the attack on your production systems.
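
The lure-and-log behaviour described above, as an added example that is not part of this lesson or of any product: a low-interaction TCP honeypot in Python that accepts connections on a loopback port, presents a banner that mimics an old Sendmail, records who connected and what they sent, and never acts on the input. The banner text, the record layout and the probe client are assumptions made for this example; in use you would bind the listener to the decoy address and ship the records to your log collection.

```python
"""Minimal low-interaction TCP honeypot: accept, record, and close.

Added example, not part of the original lesson.  It listens on a
loopback port chosen by the kernel, sends a fake banner, records the
peer address, timestamp and first bytes received, and never executes
anything the client sends.  The banner text and the record layout are
assumptions made for this example.
"""
import socket
import threading
import time
from collections import deque

class Honeypot:
    def __init__(self, host="127.0.0.1",
                 banner=b"220 mail.example.test ESMTP Sendmail 8.8.8\r\n", max_bytes=1024):
        self.host = host
        self.banner = banner          # advertises an old, exploitable-looking MTA
        self.max_bytes = max_bytes    # cap what one connection can make us store
        self.records = deque()        # (unix_time, peer_ip, peer_port, data)
        self._cond = threading.Condition()
        self._sock = None
        self._stop = threading.Event()

    def start(self):
        """Bind to an ephemeral port, serve in a daemon thread, return the port."""
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, 0))
        self._sock.listen(16)
        self._sock.settimeout(0.2)    # lets the accept loop notice stop()
        threading.Thread(target=self._serve, daemon=True).start()
        return self._sock.getsockname()[1]

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:           # listener closed by stop()
                break
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn, peer):
        """Send the banner, read what the client sends, record it. Nothing is interpreted."""
        data = b""
        try:
            conn.settimeout(2.0)
            conn.sendall(self.banner)
            while len(data) < self.max_bytes:
                chunk = conn.recv(self.max_bytes - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass
        finally:
            conn.close()
        with self._cond:
            self.records.append((time.time(), peer[0], peer[1], data))
            self._cond.notify_all()

    def wait_for(self, count, timeout=5.0):
        """Block until `count` records exist (or the timeout passes); return a list of them."""
        deadline = time.monotonic() + timeout
        with self._cond:
            while len(self.records) < count:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    break
                self._cond.wait(remaining)
            return list(self.records)

    def stop(self):
        self._stop.set()
        if self._sock:
            self._sock.close()

def format_record(rec):
    """One syslog-style line per connection, ready for the central log collector."""
    ts, ip, port, data = rec
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime(ts))
    return f"{stamp}Z honeypot: {ip}:{port} sent {data!r}"

def probe(port, payload, host="127.0.0.1"):
    """Play the attacker: connect, read the banner, send payload, return the banner."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(256)
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)    # tell the honeypot we are done sending
        return banner

if __name__ == "__main__":
    hp = Honeypot()
    port = hp.start()
    probe(port, b"EHLO attacker\r\n")
    for rec in hp.wait_for(1):
        print(format_record(rec))
    hp.stop()
```

Because the handler only reads and closes, nothing the attacker sends is interpreted, which keeps the decoy from becoming a real foothold; a production honeypot additionally runs as an unprivileged user in a segment that cannot reach your production systems, and its records are forwarded off-box so the first thing an intruder erases is not the evidence.
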
Legal Issues Regarding Honeypots

Be aware that there may be legal issues surrounding the use of honeypot
technology. The intentional setup of a honeypot may be considered entrapment, and
the same rules apply as in the real world.

Another issue is that of privacy. If an attacker were to set up an IRC server on the
honeypot, it would be possible to log all conversations on that server. There is currently
no defined law explicitly regarding this subject. However, it should be noted that an
attorney could make privacy a viable defense argument, so consult counsel before
deploying a honeypot that records third-party traffic.

Guidelines for Troubleshooting Network Issues

When troubleshooting a network problem, well-established guidelines help you to
narrow down the cause of the problem and map steps toward its resolution.

General Troubleshooting Process

Consider using the following process to troubleshoot a network problem:

1. Define the problem and gather the facts.
2. If possible, re-create the problem.
3. Consider all possibilities.
4. Create and implement an action plan.
5. Observe and document results.
6. Provide feedback.

Troubleshoot Network Issues
To troubleshoot network issues:

• Verify that the network cable is plugged in properly and that the interface reports a link (ip link show; ethtool {interface} should report Link detected: yes).
• To find out more information about the error, view the /var/log/messages file (on systemd hosts, journalctl -xe shows the same events with context).
• Verify that the network service is started.
1. To view the status of the network service, enter service network status (or systemctl status network).
2. If the service is stopped, to start it, enter service network start (or systemctl start network).
• Verify that the IP address and subnet mask are allocated by viewing the output of the ifconfig or ip
1. To view the IP address and subnet mask, enter ifconfig or ip addr.
2. If no entries for the IP address and subnet mask are displayed, determine if the IP addresses are
a. If IP addresses are allocated through a DHCP server, change the BOOTPROTO parameter to 
b. If IP addresses are allocated manually, verify that the IPADDR and NETMASK parameters are
c. Restart the network service.
3. To verify that you are able to connect to the network, ping the network gateway using the comm
• Verify that the default gateway and routing table are configured properly.
• Verify that the name-to-IP address resolution on your network is working properly.
• If you implemented DNS on your network, verify that the DNS entries are correct.
1. Using the host, dig, or nslookup commands, verify that the name-to-IP address mapping is co
2. dig {host name or FQDN}.
3. host {host name or FQDN}.
4. nslookup {host name or FQDN}.
• If you have not implemented DNS on your network, verify that the /etc/hosts file has correct nam
• Verify that IP forwarding matches the host's role. Forwarding is needed only on a system that routes between networks (a gateway or firewall); on an ordinary host it should stay at 0, otherwise the host will pass packets between any networks it is attached to.
1. Verify that the /proc/sys/net/ipv4/ip_forward file has the value 1 on a router (0 on a plain host).
2. If the running value is wrong, change it for the running kernel with sysctl -w net.ipv4.ip_forward=1 (or =0).
a. To make the setting survive a reboot, set net.ipv4.ip_forward = 1 in a file under /etc/sysctl.d/ (or in /etc/sysctl.conf on older systems). Do not edit /usr/lib/sysctl.d/00-system.conf: it is a vendor file that package updates may replace, and files in /etc/sysctl.d override it.
b. Run sysctl --system to apply all configuration files (sysctl -p applies only /etc/sysctl.conf), then re-check the /proc file.
• Verify that the ports of the service you are trying to access are open at the destination host.
1. Use Telnet (or nc -zv {host name} {port number}) to connect to the service on a specific port: telnet {host name} {port number}. A refused connection means nothing is listening on that port; a connection that hangs until it times out usually means a firewall is dropping the packets.
2. In the /etc/hosts.allow and /etc/hosts.deny files and iptables, verify that you are allowed to access
3. If the port is not open, start the service by using the systemctl start {service name} command, and check for drop-in overrides in /etc/systemd/system/SCRIPTNAME.service.d/*.conf that change how the unit starts (systemctl cat {service name} shows the unit with its drop-ins). Confirm with ss -tlnp that the service is now listening on the expected port.
• Verify that the hostname is set.
1. Display the hostname by using the hostnamectl status command.
2. If the hostname is not set, to add an entry for the host, enter hostnamectl set-hostname your-new
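
The checks in the list above, turned into code as an added example that is not the course's tooling: parsing ip addr output for each interface's address and prefix length, comparing the running ip_forward value with what the sysctl configuration will restore at boot (and with the host's role), and a TCP connect test that replaces telnet. The function names, the is_router flag and the sample ip output are assumptions made for this example; the read_* wrappers touch the live system, everything else runs on constructed input.

```python
"""Scriptable forms of three checks from the network-troubleshooting list.

Added example, not part of the original lesson.  Functions take their
input (command output, file contents) as arguments so they can be run
against constructed data; the thin read_* wrappers read the live system.
The sample output below is constructed, not captured from a real host.
"""
import glob
import re
import socket
import subprocess

# Constructed `ip -o -4 addr show` output for a host with one configured NIC.
SAMPLE_IP_ADDR = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever\n"
    "2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global noprefixroute eth0\\"
    "       valid_lft forever preferred_lft forever\n"
)

_ADDR_RE = re.compile(r"^\s*\d+:\s+(\S+)\s+inet\s+(\d+(?:\.\d+){3})/(\d+)")

def parse_ip_addr(output):
    """Map interface name -> [(ipv4_address, prefix_len), ...] from `ip -o -4 addr` output.

    An interface that is up but absent here has no address; the BOOTPROTO /
    IPADDR / NETMASK checks from the list are the next step for it.
    """
    addrs = {}
    for line in output.splitlines():
        m = _ADDR_RE.match(line)
        if m:
            addrs.setdefault(m.group(1), []).append((m.group(2), int(m.group(3))))
    return addrs

def read_ip_addr():
    out = subprocess.run(["ip", "-o", "-4", "addr", "show"],
                         capture_output=True, text=True, check=True).stdout
    return parse_ip_addr(out)

_FWD_RE = re.compile(r"^\s*net\.ipv4\.ip_forward\s*=\s*([01])\s*$")

def ip_forward_state(runtime_text, conf_texts):
    """Return (runtime, persisted).

    runtime is the content of /proc/sys/net/ipv4/ip_forward; persisted is the
    last net.ipv4.ip_forward setting found in conf_texts applied in order
    (later files win, as `sysctl --system` applies them), or None if unset.
    """
    runtime = int(runtime_text.strip())
    persisted = None
    for text in conf_texts:
        for line in text.splitlines():
            m = _FWD_RE.match(line)
            if m:
                persisted = int(m.group(1))
    return runtime, persisted

def read_ip_forward_state():
    """Live values; simplified `sysctl --system` order: /etc/sysctl.d/*.conf, then /etc/sysctl.conf."""
    texts = []
    for path in sorted(glob.glob("/etc/sysctl.d/*.conf")) + ["/etc/sysctl.conf"]:
        try:
            with open(path) as f:
                texts.append(f.read())
        except OSError:
            continue
    with open("/proc/sys/net/ipv4/ip_forward") as f:
        return ip_forward_state(f.read(), texts)

def ip_forward_findings(runtime, persisted, is_router):
    """Compare the forwarding state with the host's role; return a list of problems."""
    problems = []
    if is_router and runtime != 1:
        problems.append("forwarding is off but this host routes: sysctl -w net.ipv4.ip_forward=1")
    if not is_router and runtime == 1:
        problems.append("forwarding is on but this host is not a router: it will pass packets between its networks")
    if persisted is not None and persisted != runtime:
        problems.append("runtime value differs from the persisted value: the state changes at next boot")
    if persisted is None and is_router:
        problems.append("not persisted in any sysctl config: the setting is lost at reboot")
    return problems

def tcp_port_open(host, port, timeout=3.0):
    """Stand-in for `telnet host port`: True if a TCP connection completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                 # refused (nothing listening) or timed out (filtered)
        return False

def port_check_selftest():
    """Run tcp_port_open against a loopback listener, then against the same port once closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = tcp_port_open("127.0.0.1", port, timeout=1.0)
    srv.close()
    after_close = tcp_port_open("127.0.0.1", port, timeout=1.0)
    return while_open, after_close

if __name__ == "__main__":
    print(parse_ip_addr(SAMPLE_IP_ADDR))
    print(ip_forward_findings(*ip_forward_state("1\n", ["net.ipv4.ip_forward = 0\n"]), is_router=False))
    print(port_check_selftest())
```

The ip_forward comparison is the check most often skipped: a host that is forwarding because someone ran sysctl -w during an earlier incident looks fine in /proc until the reboot turns it off, and a workstation that forwards is a bridge between whatever networks it is plugged into.
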

ACTIVITY 16-1
Troubleshooting Linux Systems Review
Scenario
Answer the following review questions.

1.
How does troubleshooting in Linux differ from the troubleshooting approach you’ve taken with other systems?

2.
Provide an example of a recent problem you encountered in your environment and how you were able to resolve

Summary
In this lesson, you acquainted yourself with the various troubleshooting strategies in
Linux. This will enable you to effectively tackle most of the issues that may arise
while working with Linux-based systems.
