These contents might change dynamically if you use the kudzu hardware configuration service. The kudzu service also prompts you at boot time to remove, configure, or ignore a related setting if kudzu detects new or different hardware (such as a new USB keyboard, network card, or monitor). The kudzu service creates a file called hwconf that contains a hardware profile of your PC's current state. Note that if kudzu is not enabled or running, you can use device-specific configuration utilities such as system-config-keyboard, or you can manually edit configuration files.
Information about the type of keyboard attached to the PC, for example, is contained in the file /etc/sysconfig/keyboard:
KEYBOARDTYPE="pc"
KEYTABLE="uk"
Here the keyboard in use is the U.K. layout, but if you are in the United States, you will likely see this:
KEYBOARDTYPE="pc"
KEYTABLE="us"
If you are new to Linux, the system-config-keyboard client is the best tool to use to configure a keyboard. You should manually edit system hardware configuration files used by graphical management clients only as a last resort.
Protect the Contents of User Directories — /home
The most important data on a Linux system resides in the user's directories, found under the /home directory. Segregating the system and user data can be helpful in preventing data loss and making the process of backing up easier. For example, having user data reside on a separate file system or mounted from a remote computer on the network might help shield users from data loss in the event of a system hardware failure.
Use the Contents of the /proc Directory to Interact with the Kernel
The content of the /proc directory is created from memory and exists only while Linux is running. This directory contains special "files" that either extract information from or send information to the kernel. Many Linux utilities extract information from dynamically created directories and files under this directory, also known as a virtual file system. For example, the free command obtains its information from a file named meminfo:
$ free
total used free shared buffers cached
Mem: 1026320 822112 204208 0 41232 481412
-/+ buffers/cache: 299468 726852
Swap: 2031608 0 2031608
This information constantly changes as the system is used. You can get the same information by using the cat command to see the contents of the meminfo file:
$ cat /proc/meminfo
MemTotaclass="underline" 1026320 kB
MemFree: 204200 kB
Buffers: 41252 kB
Cached: 481412 kB
SwapCached: 0 kB
Active: 307232 kB
Inactive: 418224 kB
HighTotaclass="underline" 122692 kB
HighFree: 244 kB
LowTotaclass="underline" 903628 kB
LowFree: 203956 kB
SwapTotaclass="underline" 2031608 kB
SwapFree: 2031608 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 202804 kB
Mapped: 87864 kB
Slab: 21736 kB
SReclaimable: 12484 kB
SUnreclaim: 9252 kB
PageTables: 5060 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 2544768 kB
Committed_AS: 712024 kB
VmallocTotaclass="underline" 114680 kB
VmallocUsed: 6016 kB
VmallocChunk: 108148 kB
HugePages_Totaclass="underline" 0
HugePages_Free: 0
HugePages_Rsvd: 0
Hugepagesize: 4096 kB
The /proc directory can also be used to dynamically alter the behavior of a running Linux kernel by "echoing" numeric values to specific files under the /proc/sys directory. For example, to "turn on" kernel protection against one type of denial-of-service (DoS) attack known as SYN flooding, use the echo command to send the number 1 (one) to the following /proc path:
# echo 1 >/proc/sys/net/ipv4/tcp_syncookies
The Linux kernel has a number of built-in protections, but good system administration security policies and a secure firewall protecting your gateway, router, or Internet-connected system are the best protection you can use. See Chapter 30, "Securing Your Machines," for an overview of firewalling and examples of how to implement network security tools included with Fedora.
Other ways to use the /proc directory include
► Getting CPU information, such as the family, type, and speed from / proc/cpuinfo.
► Viewing important networking information under /proc/net, such as active interfaces information under /proc/net/dev, routing information in /proc/net/route, and network statistics in /proc/net/netstat.
► Retrieving file system information.
► Reporting media mount point information via USB; for example, the Linux kernel reports what device to use to access files (such as /dev/sda) if a USB camera or hard drive is detected on the system. You can use the dmesg command to see this information.
► Getting the kernel version in /proc/version, performance information such as uptime in /proc/uptime, or other statistics such as CPU load, swap file usage, and processes in /proc/stat.
Work with Shared Data in the /usr Directory
The /usr directory (nearly 3GB in size if you do a default install) contains software applications, libraries, and other types of shared data for use by anyone on the system. Many Linux system administrators give /usr its own partition. A number of subdirectories under /usr contain the X Window System (/usr/bin), manual pages (/usr/share/man), software package shared files (/usr/share/name_of_package, such as /usr/share/emacs), additional application or software package documentation (/usr/share/doc), and an entire subdirectory tree of locally built and installed software, /usr/local.
Temporary File Storage in the /tmp Directory
As its name implies, the /tmp directory is used for temporary file storage; as you use Linux, various programs create files in this directory. The /tmp directory is cleaned of stale files each day by the tmpwatch command. (A stale file is any file not used after 10 days.) Settings in your system's scheduling table, /etc/crontab, configure Fedora by default to use tmpwatch to check /tmp each day.