Kernel Commands and File Locations (Demo)

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hello Cybrarians, and welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor, Rob Goelz.
00:00
In today's lesson, we're going to be
00:00
discussing kernel commands and file locations.
00:00
Upon completion of the lesson,
00:00
you'll be able to use common kernel module commands.
00:00
You're going to find the files that we need
00:00
to know about for kernel management.
00:00
You're going to understand where to find
00:00
those files in CentOS and Ubuntu.
00:00
With that being said, we're going to go ahead and get
00:00
right to it with some demo time.
00:00
Let's go ahead and switch over to
00:00
our CentOS system and get started.
00:00
Here we are in our CentOS system and one
00:00
of the things that we always want to look at
00:00
here is our output
00:00
of the lsmod to see all of our modules.
00:00
Let me go ahead and just hit Enter on this and
00:00
you'll see that a bunch of stuff just flew by.
00:00
Because this is really all that lsmod does.
00:00
It just displays all of the loaded modules.
00:00
Now, you can do something like
00:00
pipe this output to a less pager.
00:00
We talked about this previously,
00:00
the less pager just allows us to
00:00
send output from one command to another command.
00:00
We can use the less pager to page through the output.
00:00
The pipe allows you to pipe
00:00
information from one command to another.
00:00
We'll go ahead and hit Enter on this and
00:00
now we can page up and page down using the
00:00
page up and page down keys on
00:00
our keyboard to move through the output of
00:00
the lsmod so it doesn't just all
00:00
get kind of blasted out through our screen.
00:00
We can see all of the modules that we
00:00
have loaded in the kernel at this point.
00:00
Now another thing that we can look at
00:00
right here is using the modprobe command.
00:00
Now we're going to need to elevate the privileges of
00:00
the user account that we're using
00:00
here in order to use modprobe.
00:00
We're going to use sudo to do that.
00:00
What I'm going to do is I'm just
00:00
going to load a dummy module.
00:00
In fact, I'm just going to call the module dummy.
00:00
We're going to do sudo modprobe dummy.
00:00
I'm going to get prompted for my password to
00:00
elevate privileges on my user account.
00:00
I'm going to pipe that in there.
00:00
Now we can see that the command ran successfully by
00:00
doing a lsmod and doing a pipe to the grep command.
00:00
The grep command just
00:00
will look for the string that you provide it.
00:00
We're going to provide it the string
00:00
dummy to search inside of lsmod,
00:00
and we can see that dummy is indeed installed now.
00:00
modprobe dummy installs the dummy module.
00:00
Well, we don't really want a module
00:00
called dummy on our system.
00:00
That's kind of silly.
00:00
So what do we do to get rid of that?
00:00
Well, we can also use modprobe to remove this.
00:00
Remember that modprobe replaces insmod and rmmod.
00:00
The modprobe -r command or
00:00
the -r option is used to remove a module.
00:00
What we'll do is we'll just hit Enter here.
00:00
Now, if we do an lsmod again and we grep for dummy,
00:00
we get nothing back because the module has been removed.
00:00
That's really all that you need to know about
00:00
the modprobe command for the purposes of this lesson.
00:00
Let's go ahead and move forward.
00:00
We're going to look at the user lib modules directory.
00:00
This is another directory that you need to
00:00
know about for the Linux plus exam.
00:00
What we can do is we can navigate to /usr/lib/modules.
00:00
What we'll see in this directory if we do
00:00
an ls is all of these kernel versions.
00:00
What happens is each kernel version has to know
00:00
about all of the modules that it's responsible for.
00:00
If we do a uname -r,
00:00
we can see that our current module
00:00
is 4.18.0-240.10.1-ela,
00:00
etc., etc., etc.
00:00
Let's go ahead and copy this or actually better yet,
00:00
we'll just use some of the shell expansion
00:00
that we used previously.
00:00
What we'll do is we'll change directory
00:00
into the directory that
00:00
has the name of the current kernel.
00:00
Now we can see that we are in this directory
00:00
4.18.0-240.10 etc., etc., etc.
00:00
If we do an ls in this directory,
00:00
we can see all of these modules.
00:00
What this is, or what these are,
00:00
is all of the modules that
00:00
depmod has to read from to understand
00:00
the module dependencies the kernel has to know about.
00:00
Now another file they may ask you to know about on
00:00
the Linux plus exam is the /etc/modprobe.conf file,
00:00
but I'm going to tell you the file
00:00
doesn't exist anymore.
00:00
If we do an /etc/modprobe,
00:00
we're going to see that there
00:00
is no modprobe.conf directory.
00:00
The only file that we'll actually
00:00
find on here in this directory,
00:00
you cd /etc/mod and then hit Tab,
00:00
we'll see modules-load and modprobe.d.
00:00
We'll talk about modprobe.d in
00:00
just a minute but let's go ahead and move
00:00
over to Ubuntu here and see if we
00:00
see the modprobe there as well.
00:00
All right. We're over here in Ubuntu and let's go
00:00
ahead and try and navigate to /etc/modprobe.
00:00
Just go ahead and hit Tab.
00:00
We see there's modprobe.d.
00:00
Let's see, is there a modprobe.conf?
00:00
No, there is no modprobe.conf directory in
00:00
a modern CentOS or
00:00
Debian-based distribution like Ubuntu, it's deprecated.
00:00
But what we can do is we can look at /etc/modprobe.d.
00:00
Inside of this directory,
00:00
we're going to see a bunch of .conf files.
00:00
Now these .conf files have taken the place
00:00
of /etc/modprobe.conf and are used
00:00
in order to configure the modprobe system.
00:00
The other thing we can look at
00:00
in Ubuntu here is we can go back to
00:00
/usr/lib/modules and do an ls.
00:00
Just as we saw before,
00:00
we have all of the different kernels
00:00
that have been installed on this system,
00:00
and we can cd into the most recent kernel
00:00
using some shell expansion tricks.
00:00
Then we see that we're in the most recent kernel
00:00
that the system is running.
00:00
We can do an ls and we're going to
00:00
see all the modules in here.
00:00
With that being said, let's go ahead and move back
00:00
over to our slides.
00:00
In this lesson, we covered
00:00
common kernel module commands,
00:00
where to find some of the kernel files,
00:00
and where these files can be found
00:00
in CentOS and Ubuntu.
00:00
Thank you for being here,
00:00
and I look forward to seeing you in the next lesson.