The /proc File System And ProcMeter
The /proc file system is a part of Linux that most people have not investigated deeply—perhaps may have never heard of. Like the kernel itself, it is a vital part of a Linux system. Yet its contents and its function are a mystery to most users. If the kernel is the brain of the operating system then the /proc file system is its personal organizer.
In this article I will describe the /proc file system—what it is, and how it can be used. There is also a description of the program ProcMeter that uses the /proc file system to display useful information.
First of all, the /proc file system is not a real file system; it is a virtual file system without the physical presence that a disk or a tape has. The most common file system you use is the collection of files on the disk. The disk stores the data without regard to meaning, and the file system (e.g., the Linux ext2fs system) makes sense of the data. The file system organizes the data as directories and files for the user. Another common file system is the Network File System (NFS), which makes files on remote computers accessible.
All file systems are managed by the Linux kernel, which maps the data on the device into a usable form. The user-level programs that access the file system do not need to know how or where the data is actually stored. When a program reads from a file, the kernel manipulates the appropriate device to obtain the data. When a program accesses one of the /proc files there is no device; instead, the kernel supplies the information from its internal state. The files exist only while there is a program actually looking at them.
The /proc file system is a feature which Linux inherited from one of its Unix ancestors. There are two main dialects of Unix in popular usage: System V and BSD. The history of these two are not important here, except that System V contains a /proc and BSD does not.
Everything that is happening in Linux. Every single program that is running, the entire contents of memory, the internal workings of the kernel—all the processes currently running on the system are contained in the /proc file system. proc is an abbreviation for process.
The most interesting files in /proc are listed below. This list was compiled from kernel version 1.2.13; other versions will be different. This is not a complete list, but contains only those files whose contents are obvious to casual browsers. A full description of the files can be read in the Linux kernel source code—a task not for the faint-hearted.
The contents of /proc are completely dependent on the processor architecture. (For example, the file /proc/cpuinfo is available only for ix86 processors.) The different types of hardware with which the kernel must communicate can also add files (e.g., /proc/pci on PCI bus computers). There are also files that are present or not, depending on which kernel options are compiled. (My /proc/modules is empty, because I did not compile in modules support.)
cpuinfo contains the information established by the kernel about the processor at boot time, e.g., the type of processor, including variant and features.
kcore contains the entire RAM contents as seen by the kernel.
loadavg contains the system load averages for the last 1, 5 and 15 minutes, along with the number of processes currently running and the total number of processes.
meminfo contains information about the memory usage, how much of the available RAM and swap space are in use and how the kernel is using them.
stat contains system statistics, counts of the amount of usage the kernel has made of basic system resources.
uptime contains the amount of time in seconds that the system has been running, and the amount of that time that it has been idle.
version contains the kernel version information that lists the version number, when it was compiled and who compiled it.
net/ is a directory containing network information.
net/dev contains a list of the network devices that are compiled into the kernel. For each device there are statistics on the number of packets that have been transmitted and received.
net/route contains the routing table that is used for routing packets on the network.
net/snmp contains statistics on the higher levels of the network protocol.
self/ contains information about the current process. The contents are the same as those in the per-process information described below.
pid/ contains information about process number pid. The kernel maintains a directory containing process information for each process.
pid/cmdline contains the command that was used to start the process (using null characters to separate arguments).
pid/cwd contains a link to the current working directory of the process.
pid/environ contains a list of the environment variables that the process has available.
pid/exe contains a link to the program that is running in the process.
pid/fd/ is a directory containing a link to each of the files that the process has open.
pid/mem contains the memory contents of the process.
pid/stat contains process status information.
pid/statm contains process memory usage information.
You can look at the contents of these files yourself. Just type:
and you will see something like:
total: used: free: shared: buffers: Mem: 11423744 8753152 2670592 2670592 2764800 Swap: 25800704 5328896 20471808This table shows you how much memory you have, the amount you are using and how it is being used.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- The Death of RoboVM
- The Humble Hacker?
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide