Kernel Commands

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hello, Cybrarians.
00:00
>> Welcome back
00:00
>> to the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
>> In today's lesson we're going to
00:00
>> be discussing Kernel Commands.
00:00
Upon completion of the lesson,
00:00
you'll be able to understand
00:00
common kernel module commands,
00:00
you'll know when each command would be used,
00:00
and you'll see some of the common options
00:00
for each of the commands.
00:00
The first command we're going to look at is called
00:00
lsmod or list module command.
00:00
It's used to view all of
00:00
the modules that are loaded in the kernel,
00:00
and it doesn't have any additional arguments,
00:00
or flags, or options.
00:00
In other words, you just type lsmod and then it
00:00
displays the output of
00:00
all the modules that are loaded in the kernel.
00:00
You can certainly pipe that.
00:00
We saw that a little bit in the previous module,
00:00
you can pipe things over to
00:00
other commands and then filter
00:00
them using a command called
00:00
grep that we'll look at later,
00:00
but beyond that, the lsmod command is very simple,
00:00
you just run it and it gives you a list of
00:00
all the modules that are running in the kernel.
00:00
Now the insmod and rmmod commands are used
00:00
to insert and remove modules respectively.
00:00
The rmmod command is
00:00
something that you probably are going to use with
00:00
the V flag or the V option for
00:00
verbose output so you can see
00:00
exactly what it's doing when it's removing things,
00:00
and you can use both of
00:00
these commands with the dash H option,
00:00
that's the help flag.
00:00
The dash H flag is the help flag and just
00:00
displays all of the options that
00:00
you see on the screen on the right-hand side.
00:00
Basically, all the options that you
00:00
have when you're running the command are displayed.
00:00
Now, it is worth noting that
00:00
insmod and rmmod are deprecated,
00:00
and nowadays modprobe is used in
00:00
the place of these two commands
00:00
to do the same functionality.
00:00
We'll move on and look at
00:00
modprobe here later in the lesson,
00:00
but with that being said, that's what
00:00
we have for these two commands.
00:00
Now the modinfo command is used to display
00:00
information about a specific module,
00:00
where before we had lsmod that just prints the output of
00:00
about every module that the kernel has loaded.
00:00
We can use modinfo to get more granular
00:00
and look at the information on a specific module.
00:00
We can certainly put in modinfo
00:00
and then provide it options and
00:00
then give it the name of the module
00:00
that we're looking to find information about,
00:00
and some of those options we
00:00
see on the right-hand side, so,
00:00
things like description or license,
00:00
maybe you want to see what file
00:00
is actually associated with
00:00
that module name by using the -n option or -n flag,
00:00
and those are basically the options that you'll see.
00:00
Keep in mind, as I said previously,
00:00
as you go through these commands,
00:00
most of the time you can use the -H option
00:00
to get a help output and
00:00
see all the options that are available.
00:00
Now the modprobe command, as I said,
00:00
replaces insmod and rmmod.
00:00
It's a wrapper for those two commands,
00:00
and the nice part about modprobe,
00:00
is that it's dependency aware,
00:00
which means that if you're trying to install
00:00
a module or remove a module with modprobe,
00:00
it will add or remove the supporting modules,
00:00
the modules that are needed to load or remove
00:00
that module that you're trying to
00:00
work with using the modprobe command.
00:00
Again, you can see on the right-hand side a lot of
00:00
the different options that
00:00
are available with this command.
00:00
Then, we also have the depmod command.
00:00
This is used to find and handle kernel dependencies.
00:00
The most common option that you'll ever use with
00:00
a depmod command is depmod -a.
00:00
The -a option will probe, will find all of the modules,
00:00
and that's actually done by the system upon boot.
00:00
The reason for this, is that the kernel needs a list of
00:00
all the modules and all the dependencies
00:00
that it needs to load upon boot time.
00:00
So it runs depmod -a to get that list
00:00
and then load all the modules and
00:00
all the dependencies that it needs.
00:00
Finally, we'll look at a dmesg command.
00:00
The dmesg command is used to read the kernel ring buffer.
00:00
Well, that's weird, what's a ring buffer?
00:00
Well, ring buffer is just a space,
00:00
a file that has a certain limited amount of space,
00:00
and when it gets to the end of that,
00:00
it starts overwriting the beginning.
00:00
It circles around back to the beginning,
00:00
it starts overwriting that same space,
00:00
so, it's called a ring buffer.
00:00
But really for our purposes,
00:00
the reason we want to talk about dmesg
00:00
is that it has kernel logs and it will
00:00
display the kernel logs that come up
00:00
when you add or remove modules to the kernel.
00:00
We've reached the end of the lesson
00:00
and in this lesson we covered
00:00
the kernel module commands like lsmod,
00:00
modinfo, modprobe,
00:00
and dmesg, and we
00:00
covered where each command would be used.
00:00
Thank you so much for being here
00:00
>> and I look forward to seeing you in the next lesson.