RULE
(Run Up2date Linux Everywhere)
an install option for the current Red Hat Linux distributions
constrained to those packages optimized to run with very little
RAM and HD space.
TuxMobil, handy info for
installing and running Linux on laptops
UltraLinux,
handy info for installing and running Linux on
SPARC processor based systems
Use RCS! You will never be able to keep tabs on the really relevant adjustments
if you don't snapshot configuration files before you change them.
Keep notes about system state in /root, and use RCS to provide a change trail
general notes
chkconfig --list
crontab -l
rpm -qa
... and other system wide state
Do create a crontab that dumps df -lh and ls -lh /var/spool/mail to a mail address
you monitor regularly.
View/purge root mail before its mail spool gets bigger than a few MBytes.
It is better to have a small root mail spool that can be easily opened and read
than to have a gianormous one that may be difficult to open when system is under
stress.
Case-insensitive searching in vi is enabled thusly:
in command mode type :set ignorecase or :set ic
and to revert back type :set noignorecase or :set noic.
Also, consider putting set ignorecase into your vi configuration file.
Most computers decide how to boot by looking at a magic spot on
the default hard drive. This magic spot is excluded from hard disk partitioning
and file system formatting. This magic spot is called the MBR (Master Boot
Record).
lilo is a Linux tool for writing boot instructions to the MBR.
There are other tools by Microsoft and alternatives to lilo for Linux
for writing to the MBR, but they essentially do nothing more than what lilo
does (more about that later). As of this writing the latest lilo handles
modern BIOS's that can see past 8 GBytes
(see Hard Disks and Linux for more about this). If you
happen to be using an older lilo, you will need to make sure any bootable
partitions start below the 8 GByte threshold.
Since the MBR is read every time a system boots, you only need to run lilo
if you want to change how a system boots. Before you run lilo you need
to make sure a valid /etc/lilo.conf exists.
The Basic listing above will prepare lilo to overwrite the MBR on
/dev/hda (the first IDE hard drive) with the specified boot
instructions. To run lilo you need to be root. Warning - running
lilo will overwrite any existing booting instructions in the MBR
(more on how to restore alternative boot loaders later). If you are ready to
give it a go ...
# /sbin/lilo
Added linux *
Added dos
Bang! You just overwrote the MBR on /dev/hda. If you reboot (and no
floppy, cdrom, or other device is bootable) you will see your new boot
sequence execute.
The Funky listing above disables the pause and prompt before launching
the OS after boot. The vga=835 will boot with the console in
framebuffer mode - which looks like a super wide and tall console
(like you would see on a Sun or high end Unix box). The boot=/dev/fd0 is for
making a boot floppy - sort of.
Using the Funky /etc/lilo.conf listed above and running /sbin/lilo is
a no frills way to make a boot floppy. Warning, floppy disks don't
have a magic MBR area, they just use the raw data area for boot instructions.
This means that lilo will obliterate any file system on the floppy, but now
the floppy can be used to boot the system (which is handy if the MBR on the
hard disk gets wacked).
Some distros have a mkbootdisk command. This is probably a better
way to create a boot floppy. This will add an actual kernel to the floppy
and some other neat stuff.
# uname -a
Linux localhost.localdomain 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
# mkbootdisk 2.4.2-2 /dev/fd0
Neat Floppy Boot Tricks
Let's say your MBR got wiped and you didn't make a boot floppy for
the system. You can use a boot floppy from another system, or even the install
CD for many distros to get to a boot: prompt. If you remember the
partition that has a bootable OS you can punt manually ...
boot: linux root=/dev/hda2 single initrd=
(where hda2 is root partition, initrd will bypass boot cd installer,
single - um well just because)
After boot edit /etc/lilo.conf and run lilo, or try your hand
at running mkbootdisk
Most versions of Linux support IDE and SCSI hard disks either directly in the kernel or
with use of an appropriate driver. The fdisk command can be used to inspect
what partitions (if any) an attached hard disk contains. To inspect the first IDE hard disk
use fdisk /dev/hda . For the first SCSI hard disk use fdisk /dev/sda .
USB drives follow the SCSI device naming convention in recent kernels.
Possibly Obsolete: CDROMs follow this as /dev/hca and /dev/sca . Subsequent disks are hdb, hdc for IDE
and scb, scc for SCSI. Multiple CDROMs follow the same naming convention.
# fdisk -l
Disk /dev/sda: 18.2 GB, 18210036736 bytes
255 heads, 63 sectors/track, 2213 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 33 265041 83 Linux
/dev/sda2 34 98 522112+ 82 Linux swap / Solaris
/dev/sda3 99 2213 16988737+ 83 Linux
Disk /dev/sdb: 36.4 GB, 36420075008 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 4427 35559846 8e Linux LVM
Disk /dev/sdc: 36.4 GB, 36420075008 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdc1 1 4427 35559846 8e Linux LVM
Disk /dev/sdd: 36.4 GB, 36420075008 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdd1 1 4427 35559846 8e Linux LVM
Disk /dev/sde: 123.5 GB, 123522417152 bytes
255 heads, 63 sectors/track, 15017 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sde1 * 1 15017 120624021 7 HPFS/NTFS
# df -ha
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 16G 1.7G 14G 11% /
/dev/proc 0 0 0 - /proc
/dev/sys 0 0 0 - /sys
/dev/devpts 0 0 0 - /dev/pts
/dev/sda1 251M 9.5M 229M 4% /boot
/dev/shm 252M 0 252M 0% /dev/shm
/dev/mapper/vg1-lvpublic
99G 74G 20G 79% /public
none 0 0 0 - /proc/sys/fs/binfmt_misc
sunrpc 0 0 0 - /var/lib/nfs/rpc_pipefs
automount(pid1733) 0 0 0 - /net
nfsd 0 0 0 - /proc/fs/nfsd
/public/new/hagrid_root.iso
7.9G 3.1G 4.4G 42% /mnt/h0
Beware that fdisk may show disk size information that seems to conflict with other tools. The
following fdisk reports 500.1 GBytes (decimal units of 10^9 bytes), but the disk holds only 465.7 GBytes
when counted in powers of 1024 = 500107862016 / 1024 / 1024 / 1024 .
# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 60801 488384001 c W95 FAT32 (LBA)
With fdisk you can use the P command to show a partition summary. Use D to
delete a partition, and N to create one. Use T to respecify partition type.
You might notice that the first partition is named something like hda1
(for first IDE drive). You can have four partitions per disk. In an extended
partition you can create logical partitions. The first logical partition will
be something like hda5 (for first IDE drive). The /dev directory on
root shows all the possible names for devices and their partitions.
Drives formatted on Sparc systems and/or formatted natively under Solaris use
a peculiar partitioning scheme. In some cases it may be necessary to obliterate
the partition table using the badblocks write mode option before partitioning
it with fdisk. Symptoms of this are inexplicable mkfs errors.
Hard Disk Formatting
Use mkfs thusly ...
mkfs -t [file system] /dev/[partition]
ext2 is the file system used most with Linux. msdos
and other alternative formats can be specified if you like.
Whoa! Huge Disks and Linux
So you got this incredible deal on a 35 GByte drive for $99 bucks at Fry's.
But after using fdisk to create a single gianormous partition, you find formatting
it with mkfs wigs out and hangs nasty! Try fdisk'ing as a huge extended partition
and then making a huge logical partition inside it. Here's an fdisk summary from
a 13 GByte drive I had to partition this way.
Command (m for help): p
Disk /dev/hda: 247 heads, 228 sectors, 22505 cylinders
Units = cylinders of 56316 * 512 bytes
Device Boot Start End Blocks Id System
/dev/hda1 1 452 12714880+ 5 Extended
Partition 1 does not end on cylinder boundary:
phys=(1023, 15, 63) should be (1023, 246, 228)
/dev/hda5 1 452 12714849 83 Linux
Sometimes fdisk will complain that a huge disk partition doesn't end on
a cylinder boundary ... just ignore it, works for me. Such a monolithic
partition scheme will probably not work for a boot disk, but hey - you could
make a smaller bootable partition followed by the gianormous extended/logical
partition if you must boot from this disk.
Note: there appears to be a limitation in most distributions such that
the root partition must be within the first 8 GBytes.
The Art of Disk Mounting
Here's an example of a command to mount an IDE partition ...
mount -t ext2 /dev/hdb2 /mnt/secoundIDEpartition2
The directory /mnt/secoundIDEpartition2 needs to be created before
the mount command is given. The same partition can be unmounted thusly ...
umount /dev/hdb2
To have partitions mounted during bootup edit /etc/fstab.
Here's a sample fstab file I edited ...
Note the 1 2 flags on /dev/hda1 . It's a good idea to peruse man fstab
before adding entries to this file. For the most part find a line similar to what you
want, copy it, and tweak for your purpose.
Miscellaneous Mount Hints
mount -t vfat /partition/xp_share /mount_point
File System/Partition Checking
Generally file system integrity is checked automatically. However, for
additional disk partitions you have created and for other reasons you may
wish to know how to do this. Use fsck /dev/[partition] .
Note, it is dangerous to fsck a partition that is mounted. If
possible, unmount it first before fsck'ing it.
Partition / File System Labels
More recent versions of Linux use a more sophisticated
technique for declaring how a given partition should be mounted.
A file system volume label can be written to a given
partition, then when mounting occurs, the mount location
can be derived from the file system itself. Paradoxically,
the volume label is often the same as the mount destination
so the extra abstraction may seem a bit overwrought over
simply specifying the raw mount location during mount time.
However, it can help from 'accidentally' mounting the wrong
partition. A hypothetical example is accidentally specifying
a root partition as a tmp partition during a freak boot,
the root partition could be wiped if it didn't have a disk
label saying it was something other than /tmp.
LVM adds an abstraction layer above typical device drivers.
Typically this is relevant only for hard disk devices.
Typically when a disk partition is mounted, the mounted volume
is directly related to a low-level disk partition. LVM allows
chunks of different disks to be collected into an abstract
volume that can be mounted just like a traditional disk partition.
Although there is a slight performance penalty for LVM, it offers
the ability to change the size of a partition and perform
advanced disk snapshot operations handy for doing backups without
unduly interrupting busy services.
It all starts with fdisk and assigning a partition type of 8E.
Note, sometimes fdisk will report an error when exiting after such
an assignment, though a reboot seems to resolve the issue.
LVM Corrupt Partition Counter Measures
Inevitably something will happen and your favorite LVM
partition won't mount. Attempts to fsck it will return strange
results because even though the underlying partition may be mounted,
the LVM partition within the disk partition isn't mounted because
the LVM partition is wacked in some way. Well, the LVM partition
information is usually automatically backed up in the /etc/lvm/backup
directory. Issuing the vgcfgrestore command and then activating the LVM
partition with vgchange often does the trick.
# mount /dev/vg1/bigusbdisk /archive
mount: special device /dev/vg1/bigusbdisk does not exist"
# vgscan
# pvscan -p
# lvscan
# vgcfgrestore vg1
# vgchange -a y vg1
# mount /dev/vg1/bigusbdisk /archive
# ls /archive
... lots of happy files ...
Elsewhere
LVM & RHEL4 modprobe dm_snapshot may be needed before lvcreate snapshots will work
This powerful command enables writing data out to CD burners from
the console.
$ cdrecord -scanbus
...
$ # -v verbose
$ # -eject eject cd after burn completes
$ # dev=6,0 use the drive ID you see reported from cdrecord -scanbus
$ # foobar.iso a prepared cd image ready for burning directly to disc
$ cdrecord -v -eject dev=6,0 foobar.iso
... watch and wait ...
Note, cdrecord is very SCSI-centric. It is possible to use it with
IDE cd burners, but you will have to set up a SCSI spoofed device that
maps to the IDE burner. More on that coming soon.
dd tricks
Creating a CD iso. The source partition can't be mounted during the process.
# dd if=/dev/cdrom of=cd.iso
Mounting a phantom device from CD iso file
# mount -o loop /public/new/hagrid_root.iso /mnt/h0
# ls /mnt/h0/
bin dev home lib misc opt public sbin tmp var
boot etc initrd lost+found mnt proc root sys usr
# df -lh
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 16G 1.7G 14G 11% /
/dev/sda1 251M 9.5M 229M 4% /boot
/dev/shm 252M 0 252M 0% /dev/shm
/dev/mapper/vg1-lvpublic
99G 74G 20G 79% /public
/public/new/hagrid_root.iso
7.9G 3.1G 4.4G 42% /mnt/h0
Xconfigurator - once Linux is booting to a login prompt on
a system's default video device, Xconfigurator is the command to
attempt to configure it for the X Windows graphics environment. It's best
to know what your graphics card/chip and monitor capabilities are before
running this. If you succeed in having it detect your graphics capability,
it is highly recommended that you decline having graphics enabled on bootup.
Instead stay with text only login and use startx to bring
up the graphics on demand. This will reduce headaches significantly if and
when your graphics capabilities inevitably change.
startx - some handy tidbits ...
startx -- -bpp 16
Ctrl Alt Bksp will force X to exit. This is handy if an app crashes or
otherwise renders an X Windows session unusable
Also, don't forget that on many systems Ctrl Alt + and
Ctrl Alt - will switch between screen resolutions of the
same color depth
(DE)
- Gnome, Afterstep, FWM, KDE, ...
On some distributions (notably RedHat 6.1)
even when KDE Workstation is selected during installation
X Windows still launches the Gnome DE (as indicated by the stupid
enlightenment initializer, wretched over-stylized poseur foot print logo,
and gianormous precious space wasting icons at the bottom of the
screen ... puff puff, rant off). To have a different DE, check for and
create if necessary a desktop file in /etc/sysconfig.
Edit this file and place KDE as the only text in it. To get Another
Level or other non-Gnome DE ... peruse the system files
that man startx references.
inittab - disabling X Windows at boot
Changing the initdefault value in /etc/inittab
will change the runlevel entered after the next reboot.
...
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
...
Remote X Servers
Once you have an X Server running ...
start a local telnet session, connect to remote host
export DISPLAY=192.168.30.96:0.0 (use your local IP address)
bring up the X Server on your local host (it should come up with
a pretty much empty screen)
on the remote telnet session
xterm &
(this should bring up a terminal in the X Server)
Elsewhere
MicroImages: MIX
nice basic X Server for use under MacOS and Win32.
nfs has a server and a client side. Most Linux distributions
install the necessary files by default, but do not activate them.
Server
# hostname
foobar
# rpm -qa | grep -i nfs-utils
nfs-utils-1.0.9-42.el5
# rpm -qi nfs-utils
The nfs-utils package provides a daemon for the
kernel NFS server and related tools ...
# cat /etc/exports
/public 10.17.0.0/255.255.0.0(ro)
# service nfs
...
Client
# ls /mnt/coolmntpt
empty
# mount foobar:/public /mnt/coolmntpt
# ls -l /mnt/coolmntpt
lots of files ...
# df -h | grep cool
foobar:/public ... /mnt/coolmntpt
# umount /mnt/coolmntpt
Security - It is easy for a client request to be spoofed allowing unauthorized
access to a nfs server volume. In general it is good practice to only
expose nfs volumes across LAN links and not expose them to the broader
Internet.
Persistence - A nfs server may not stay online indefinitely. If you
regularly mount nfs volumes (i.e. you are nfs client), be familiar
enough with the nfs server to know when mounting it may not be a good
idea. In some cases mounting a volume from a server not online can
cause unexpected delays and worst case file corruption.
If you serve nfs mount points, you may want to configure your system
to automatically restart nfs at boot time.
Run Levels - Make sure portmap service is running.
Typically portmap is on for levels 3 and 5, but not for run level 2.
Additional info
/etc/fstab - allows nfs mount presets and automatic mounting after reboot
chkconfig - allows nfs server to be restarted after reboot
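The Security note above comes down to which clients each line of /etc/exports admits. The following is an added example, not part of the original notes: a small audit that flags entries open to every host and options that weaken the export. The function names and the sample file are constructed for illustration, and it assumes one export per line with no backslash continuations.

```shell
#!/bin/sh
# Added example: audit an exports file for entries that widen exposure.

# Constructed sample in /etc/exports syntax (not taken from a real server).
sample_exports() {
    cat <<'EOF'
# constructed sample
/public   10.17.0.0/255.255.0.0(ro)
/home     10.17.0.0/255.255.0.0(rw,no_root_squash)
/scratch  10.17.0.0/255.255.0.0 (rw)
/pub2     *(ro)
EOF
}

# audit_exports FILE
# Prints "path<TAB>client<TAB>finding" for each risky client entry.
audit_exports() {
    awk '
    function report(path, client, msg) {
        printf "%s\t%s\t%s\n", path, (client == "" ? "<any>" : client), msg
    }
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                   # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash")
                    report($1, client, "remote root is not squashed (no_root_squash)")
                if (o[j] == "insecure")
                    report($1, client, "unprivileged source ports accepted (insecure)")
            }
            # An empty client (a space before the parenthesis) or "*" means every host.
            if (client == "" || client == "*")
                report($1, client, rw ? "read-write to any host" : "readable by any host")
        }
    }' "$1"
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_exports > "$tmp" && audit_exports "$tmp"; rm -f "$tmp"
```

The /scratch line is the one to watch for: the stray space before (rw) gives the listed subnet default options and hands read-write access to everyone else.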
Most distributions do not enable user level ftp capability by default. For
RedHat you will need to install the /wu-ftpd-... RPM. This should
allow authorized users to access their home directories.
May need to tweak configuration files for inetd or
xinetd to allow service to be enabled. Following is the
/etc/xinetd.d/xinetd.conf from a RH71 install ...
# default: on
# description: The wu-ftpd FTP server serves FTP connections. It uses \
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.ftpd
server_args = -l -a
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
# disable = yes
}
More recent ftp services limit users to their own home directory.
This can be overridden on a per user basis in /etc/ftpaccess .
# rcsdiff ftpaccess
===================================================================
*** 11,24 ****
# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
! guestuser *
# If you wish to allow user1 and user2 to access other
# directories, use the line below:
! # realuser user1,user2
--- 11,24 ----
# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
! # guestuser *
# If you wish to allow user1 and user2 to access other
# directories, use the line below:
! realuser fredness,eddie
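Review bot: commenting out "guestuser *" in the second half of this hunk removes the home-directory chroot for every account, not only for fredness and eddie. The file's own comment offers realuser as the exception for named users, so keep "guestuser *" active and add only "realuser fredness,eddie" if the intent is a per-user override.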
Anonymous FTP
If anonymous ftp capability is desired, install the
anonftp-... RPM. A /home/ftp directory should now exist that
anonymous users can access.
SaMBa - file sharing services that interface well with
Microsoft Windows
Make sure SMB services are installed. To make a public read only directory
available ...
locate file: /etc/smb.conf
check that the file's [public] section is uncommented
restart SMB (if necessary)
import the appropriate registry file on MS Windows client (if necessary)
Importable registry files for enabling MS Windows clients
can be found at ...
/usr/doc/samba-2.0.3/docs/
Acknowledging the presence of a dedicated WINS server. Here's an excerpt
from a smb.conf that does this ...
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
wins server = 192.168.30.200
# rcsdiff smb.conf
18c18
< workgroup = MYGROUP
---
> workgroup = WORKGROUP
21c21
< server string = Samba Server
---
> server string = morpheus.us.wizbang.com
58c58,59
< security = user
---
> # security = user
> security = share
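Review bot: the "security = share" line added at 58-59 drops user-level authentication for the whole server, which reaches every share and not just the [public] section enabled further down. If read-only guest access to /public is the goal, consider leaving "security = user" in place and granting guest access on that one share only.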
228,233c229,234
< ;[public]
< ; comment = Public Stuff
< ; path = /home/samba
< ; public = yes
< ; read only = yes
< ; write list = @staff
---
> [public]
> comment = Public Stuff
> path = /public
> public = yes
> read only = yes
> write list = @staff
SaMBa - encrypted passwords
Most versions of Microsoft Windows expect encrypted passwords to be
enabled. If a machine can see a SaMBa server but issues a connect/bad password
error when attempting to open the server, it is a pretty good bet that the
SaMBa server does not have encrypted passwords enabled. Quick way to get
around this is to tweak the REGISTRY on each MS Windows system to disable
encrypted passwords (see above). A more compatible way to resolve this
is to enable encrypted passwords.
First, uncomment the following lines in the /etc/smb.conf ...
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
Second, create a user and password pair ...
>smbpasswd -a jsmith
>cat smbusers
>cat smbpasswd
SaMBa - Domain/Group and Anonymous
smb.conf traditionally sets itself to use MYGROUP
as the Microsoft Networking Workgroup other systems will see.
To change this ...
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = ZAPTECH
There is no anonymous user built into SaMBa that I am aware of.
However, the nobody user can be given a smbpasswd of nothing.
This will present users with a user passwd requestor that can be dismissed
by using nobody and CR. Such users typically won't have write access.
Alternatively, dispense with user authentication entirely by changing
smb.conf security setting to share (see example above).
Before spending a lot of time setting up a classic 'pserver' CVS repository,
check if SSH is already available on your system. If it is then stop right there -
you already have all the remote access CVS repository information you need! Typically
ext CVS already associates with SSH. You will still need to set up a group
and file store though.
# cvs -d :ext:mylogin@hostname.com:/public/cvspublic co emailer
Following describes how to establish a CVS 'pserver'. Before you enable CVS,
make sure the following are ready
create a group called cvs (e.g. groupadd cvs)
edit /etc/group, add users to the cvs group that should be
allowed to access the CVS server remotely
create a cvs root directory (e.g. mkdir /home/cvsroot)
set the directory protections to allow cvs group members to access it
(e.g. chown fredness.cvs /home/cvsroot)
Most Linux distributions install the /usr/bin/cvs command by default.
What may not be obvious is that this executable is used both for command
line operations and for establishing a service daemon. Unless you have a
non-standard distribution, you will need to manually enable cvs services
by adding a line to the /etc/inetd.conf, and then restarting it.
Add the following to /etc/inetd.conf ...
For more recent xinetd
make a /etc/xinetd.d/cvspserver file containing something like ...
# default: off
# description: cvs server
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/cvs
server_args = -f --allow-root=/home/cvsroot pserver
}
Above based loosely on similar file for enabling telnetd .
Caution: watch out for white space!
These files may require tabs instead of spaces
for indenting purposes. The following is a bit more elaborate.
Note: log_on_success may in some situations introduce connect
delays. If so consider log_on_failure instead.
# default: off
# description: cvs server
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
log_on_success += USERID
user = root
passenv =
server = /usr/bin/cvs
server_args = -f --allow-root=/home/cvsroot pserver
}
Now, initialize the repository ...
> cvs -d /home/cvsroot init
CVS - Multiple Repositories
Yes, it's true, you can have more than one CVS repository on a server. The
critical bit that allows this is adding another --allow-root=[path]
to /etc/xinetd.d/cvspserver for each additional repository. Each
repository will need to be initialized separately.
CVS Port = 2401
Remote clients use this port to establish a connection to cvspserver
(consult /etc/services for more details)
CVS - Module Creation (Importing)
This can be tricky. Sometimes it is easier to create a dummy folder
containing a single file, import just that, then add any other files using
the more straightforward cvs add
Check /usr/lib to see what libs are installed. Also,
you can take a look at /etc/ld.so.conf to see what libs are
installed and in what dir they are installed in.
To find out what libraries an executable uses ...
ldd [file]
If you have manually added a library to one of the existing
library directories, make sure you run ldconfig to register it.
Alternatively, try setting LD_LIBRARY_PATH env var to point to the
desired library directory.
# export LD_LIBRARY_PATH=/usr/local/lib
Use nm to figure
out which library any symbol is in.
For example, the following will locate which library contains the
symbol 'XGetExtensionVersion'.
Bourne Again SHell (BASH), is probably the most ubiquitous command line interpreter enabled
by default on Linux/Unix systems as of this writing. As such, there are many powerful
commands and other capabilities built into bash that are important to master
to effectively manage and administer a wide variety of computer systems.
Useful way to detach a session from the current login session, then
resurrect it later.
Very handy for monitoring/running commands that take a very long time to
complete, and not having to be sitting at the hardware.
$ screen -ls
No Sockets found in /var/run/screen/S-ricks.
$ screen
$ screen -ls
There is a screen on:
1067.pts-1.clamps (Detached)
$ [ctrl-A]d
[ ... detaches from current session ... ]
$ screen -ls
There is a screen on:
1067.pts-1.clamps (Detached)
$ screen -r 1067.pts-1.clamps
$ exit
$ screen -ls
No Sockets found in /var/run/screen/S-ricks.
On older systems may need to install ...
inetd-0.16-4.i386.rpm
telnet-server-0.16.6.i386.rpm
before remote login will be permitted. Once installed, may need to
restart system (although appropriate init.d command will probably
do the trick without rebooting).
On newer systems xinetd
has replaced inetd. Instead of a single /etc/inetd.conf file there
is /etc/xinetd.d/ directory with different small files for each service
to enable.
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
# restrict telnet access to internal network
only_from = 192.168.1.0/24
# disable = yes
}
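The xinetd listings on this page differ in two settings that decide exposure: whether the service is disabled, and whether only_from narrows who may connect. The following is an added example, not part of the original notes: it summarises both per service block. The function names are made up here and the sample is constructed from the ftp and telnet listings plus a disabled cvspserver entry; an only_from inherited from a defaults block is not considered.

```shell
#!/bin/sh
# Added example: summarise which xinetd services are enabled and who may reach them.

# Constructed sample in the layout of the listings on this page.
sample_xinetd() {
    cat <<'EOF'
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.ftpd
server_args = -l -a
# disable = yes
}
service telnet
{
disable = no
user = root
server = /usr/sbin/in.telnetd
# restrict telnet access to internal network
only_from = 192.168.1.0/24
# disable = yes
}
service cvspserver
{
disable = yes
user = root
server = /usr/bin/cvs
}
EOF
}

# audit_xinetd [FILE...]   (reads stdin when no file is given)
# Prints "service<TAB>state<TAB>user<TAB>only_from" for each service block.
audit_xinetd() {
    awk '
    { sub(/#.*/, "") }                       # drop comments, so "# disable = yes" is ignored
    $1 == "service" { name = $2; off = 0; from = ""; user = "?"; next }
    name == "" { next }                      # outside any service block
    $1 == "}" {
        state = off ? "disabled" : (from == "" ? "enabled-unrestricted" : "enabled-restricted")
        printf "%s\t%s\t%s\t%s\n", name, state, user, (from == "" ? "-" : from)
        name = ""; next
    }
    $2 ~ /^\+?=$/ {                          # "attr = value" or "attr += value"
        val = ""
        for (i = 3; i <= NF; i++) val = val (val == "" ? "" : " ") $i
        if ($1 == "disable") off = (val == "yes")
        else if ($1 == "user") user = val
        else if ($1 == "only_from") from = from (from == "" ? "" : " ") val
    }' "$@"
}

# Demo run on the constructed sample; on a live system pass /etc/xinetd.d/* instead.
sample_xinetd | audit_xinetd
```

A commented-out "# disable = yes" leaves the service on, which is why the ftp block reports as enabled-unrestricted.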
Though considered a hostile act by some, scanning
networks to check host and service settings is incredibly useful.
True, ne'er-do-wells use network scanning to find servers to exploit,
however it's the user's intent with a tool that needs to be judged - not
the tool itself.
That said, nmap is a network scanning tool. Great for
checking that your firewall is working as expected.
$ nmap -A -T4 cp2.foobar.com
Interesting ports on 216.240.133.161:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
873/tcp open rsync (protocol version 28)
Nmap finished: 1 IP address (1 host up) scanned in 38.079 seconds
$ nmap -A -T4 cp1.foobar.com
Interesting ports on 216.240.159.214:
(The 1669 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp vsftpd 2.0.1
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
443/tcp closed https
Service Info: OS: Unix
Nmap finished: 1 IP address (1 host up) scanned in 55.310 seconds
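Checking a firewall this way means comparing the scan against the ports you meant to allow. The following is an added example, not part of the original notes: it reads saved nmap output in the layout shown above and reports ports that answer but are not on an allowlist. The function names and the sample are constructed, and the addresses come from the 192.0.2.0/24 documentation range.

```shell
#!/bin/sh
# Added example: compare saved nmap output of your own hosts against an allowlist.

# Constructed sample in the layout of the nmap output above.
sample_scan() {
    cat <<'EOF'
Interesting ports on 192.0.2.10:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
873/tcp open rsync (protocol version 28)
Interesting ports on 192.0.2.11:
(The 1669 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp vsftpd 2.0.1
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
443/tcp closed https
EOF
}

# firewall_drift "ALLOWED PORTS" < nmap-output
# ALLOWED PORTS is a space-separated list such as "22/tcp 80/tcp".
# Prints "host<TAB>port<TAB>finding<TAB>service" for ports outside the list:
#   open-unexpected    a listener is reachable
#   closed-unfiltered  the host answered the probe, so the packet was not
#                      dropped on the way, even though nothing listens there
firewall_drift() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Host header as printed in the output above.
    /^Interesting ports on / { host = $4; sub(/:$/, "", host); next }
    # Host header printed by newer nmap releases.
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && !($1 in ok) {
        if ($2 == "open")
            printf "%s\t%s\t%s\t%s\n", host, $1, "open-unexpected", $3
        else if ($2 == "closed")
            printf "%s\t%s\t%s\t%s\n", host, $1, "closed-unfiltered", $3
    }'
}

# Demo run on the constructed sample.
sample_scan | firewall_drift "22/tcp 80/tcp 443/tcp"
```

Ports reported as filtered never appear in the listing, so an empty result means every port that answered is one you intended to allow.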
Under RH7.1 (should work for most distros) the following will
format foo.c in postscript with two pages/page and send it to
lp printer port at 192.168.11.21 ...
This following will dump the text to the printer unformatted ...
lp -d @192.168.11.21 foo.c
Linux/Unix, Netscape/Mozilla Print Command
Following works for the ColorLaserJet 5MP (Mmmm, color postscript :-)
I have setup on the home office LAN at IP address 192.168.1.192
Don't venture here unless you have access to a pretty elaborate
setup (at least a subnet with 2 dedicated IP addresses and servers).
Although DNS in principle is pretty straightforward, one misstep
and a lot of machines can drop off the net.
$ host -t any zaptech.com r2d2.inow.com
Using domain server:
Name: r2d2.inow.com
Address: 198.144.96.10#53
Aliases:
zaptech.com has SOA record public.zaptech.com. info.zaptech.com. 2005021501 10800 1800 604800 86400
zaptech.com name server r2d2.inow.com.
zaptech.com name server public.zaptech.com.
zaptech.com has address 198.144.98.62
zaptech.com mail is handled by 10 mail.zaptech.com.
$ dig @b.root-servers.net scpns.org
; <<>> DiG 9.2.3rc1 <<>> @b.root-servers.net scpns.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28076
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 8
;; QUESTION SECTION:
;scpns.org. IN A
;; AUTHORITY SECTION:
org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
org. 172800 IN NS TLD3.ULTRADNS.org.
org. 172800 IN NS TLD4.ULTRADNS.org.
org. 172800 IN NS TLD5.ULTRADNS.INFO.
org. 172800 IN NS TLD6.ULTRADNS.CO.UK.
;; ADDITIONAL SECTION:
TLD1.ULTRADNS.NET. 172800 IN AAAA 2001:502:d399::1
TLD1.ULTRADNS.NET. 172800 IN A 204.74.112.1
TLD2.ULTRADNS.NET. 172800 IN A 204.74.113.1
TLD3.ULTRADNS.org. 172800 IN A 199.7.66.1
TLD4.ULTRADNS.org. 172800 IN AAAA 2001:502:100e::1
TLD4.ULTRADNS.org. 172800 IN A 199.7.67.1
TLD5.ULTRADNS.INFO. 172800 IN A 192.100.59.11
TLD6.ULTRADNS.CO.UK. 172800 IN A 198.133.199.11
;; Query time: 27 msec
;; SERVER: 192.228.79.201#53(b.root-servers.net)
;; WHEN: Tue Jul 4 01:43:21 2006
;; MSG SIZE rcvd: 341
$ dig @TLD2.ULTRADNS.NET scpns.org
; <<>> DiG 9.2.3rc1 <<>> @TLD2.ULTRADNS.NET scpns.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53360
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;scpns.org. IN A
;; AUTHORITY SECTION:
scpns.org. 86400 IN NS ns1.zaptech.org.
scpns.org. 86400 IN NS ns1.sparkworx.com.
;; ADDITIONAL SECTION:
ns1.zaptech.org. 86400 IN A 64.32.175.104
;; Query time: 25 msec
;; SERVER: 204.74.113.1#53(TLD2.ULTRADNS.NET)
;; WHEN: Tue Jul 4 01:59:23 2006
;; MSG SIZE rcvd: 100
$ dig @172.16.4.20 howtolabs.net axfr
; <<>> DiG 9.3.1 <<>> @172.16.4.20 howtolabs.net axfr
; (1 server found)
;; global options: printcmd
howtolabs.net. 86400 IN SOA ns1.zaptech.org. info.zaptech.com. 2006052001 28800 7200 604800 86400
howtolabs.net. 86400 IN NS ns1.zaptech.org.
howtolabs.net. 86400 IN NS ns1.sparkworx.com.
howtolabs.net. 86400 IN TXT "v=spf1 include:fc5.zaptech.org ~all"
howtolabs.net. 86400 IN MX 10 fc5.zaptech.org.
howtolabs.net. 86400 IN A 64.32.175.104
www.howtolabs.net. 86400 IN A 64.32.175.104
howtolabs.net. 86400 IN SOA ns1.zaptech.org. info.zaptech.com. 2006052001 28800 7200 604800 86400
;; Query time: 21 msec
;; SERVER: 172.16.4.20#53(172.16.4.20)
;; WHEN: Mon Jul 17 16:35:42 2006
;; XFR size: 8 records (messages 1)
More recent releases of Fedora Core Linux have SELinux enabled by default.
For all but the most serious deployments (which arguably should not be using
Fedora Core in the first place), this is a big headache. Essentially this
adds another level of file attributes beyond those for user, group, and world.
Any changes to system files without also tuning the SELinux policies and file
attributes can cause all sorts of weird kernel error messages. It's also almost
impossible to remove SELinux once it has been installed - instead it is
better to disable it in the SELinux config file and reboot.
Nagios is a popular web service that is employed to monitor various systems and services.
It's become much easier to set up recently, but still suffers from being 'over-engineered' and
brittle to the extent that it will stop working for no apparent reason. Still, its popularity
is steadily increasing and overall it seems to be becoming easier to set up and more stable.
nagios Service Dies, Restart Keeps Dying
Nagios tends to die for having too large a file open (signal SIGXFSZ).
It turns out that performance data is being written to a file that is not rotated
by default, so it grows until it is too large to open.
An entry in the logrotate configuration is needed, so the file will be rotated
and compressed on a weekly basis, followed by restarting Nagios.
Hopefully that keeps the problem from recurring.
$ pwd
/usr/local/nagios/var
$ ls -lh
total 2.3G
drwxrwxr-x 2 nagios nagios 16K Jan 11 16:41 archives
-rw-rw-r-- 1 nagios nagios 552K Jan 14 09:06 nagios.debug
-rw-rw-r-- 1 nagios nagios 977K Jan 14 09:06 nagios.debug.old
-rw-r--r-- 1 nagios nagios 5 Jan 14 08:03 nagios.lock
-rw-rw-r-- 1 nagios nagios 45K Jan 14 09:03 nagios.log
-rw-r--r-- 1 nagios nagios 416K Jan 14 08:03 objects.cache
-rw------- 1 nagios nagios 505K Jan 14 09:03 retention.dat
drwxrwsr-x 2 nagios nagios 4.0K Jan 14 08:03 rw
-rw-rw-r-- 1 nagios nagios 879K Jan 14 09:06 service-perfdata
-rw-rw-r-- 1 nagios nagios 267M Jan 14 08:05 service-perfdata.1.gz
-rw-rw-r-- 1 nagios nagios 2.0G Jun 14 2009 service-perfdata.save
drwxrwxr-x 3 nagios nagios 4.0K Jan 16 2009 spool
-rw-rw-r-- 1 nagios nagios 502K Jan 14 09:06 status.dat
$ cat /etc/logrotate.conf
...
# system-specific logs may be also be configured here.
/usr/local/nagios/var/service-perfdata {
    rotate 52
    compress
    nocreate
    postrotate
        /sbin/service nagios restart
    endscript
}
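A check for the failure described above, as an added example that is not part of the original notes: it lists files in a directory that exceed a size limit and are not named in any logrotate stanza. The function name and the limit in the usage comment are assumptions, and only literal paths in stanza headers are matched (globs are not expanded).

```shell
#!/bin/sh
# Added example: flag large files that no logrotate stanza names.
# Assumption: stanza headers list literal paths; glob patterns are not expanded.

# unrotated_large_files DIR LIMIT_KB CONF...
# Prints one path per line for every regular file directly in DIR that is
# larger than LIMIT_KB kilobytes and does not appear in a stanza header
# ("path [path...] {") of any CONF file.
unrotated_large_files() {
    dir=$1; limit_kb=$2; shift 2
    find "$dir" -maxdepth 1 -type f -size +"${limit_kb}"k | sort |
    while IFS= read -r f; do
        covered=no
        for conf in "$@"; do
            [ -r "$conf" ] || continue
            if awk -v p="$f" '
                    /^[ \t]*#/ { next }            # skip comment lines
                    /[{][ \t]*$/ {                 # stanza header line
                        sub(/[{][ \t]*$/, "")      # drop the brace, re-split fields
                        for (i = 1; i <= NF; i++) if ($i == p) found = 1
                    }
                    END { exit !found }' "$conf"; then
                covered=yes
                break
            fi
        done
        [ "$covered" = yes ] || printf '%s\n' "$f"
    done
}

# Typical call for the layout shown above (100 MB limit is an arbitrary choice):
# unrotated_large_files /usr/local/nagios/var 102400 /etc/logrotate.conf /etc/logrotate.d/*
```

Run from cron and mailed to a monitored address, this reports a growing file such as service-perfdata long before it reaches the size at which the daemon is killed.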
Yum is feature-equivalent to the venerable up2date RPM Manager provided by Red Hat.
Red Hat has announced end of life support for up2date for general use.
# yum check-update
# yum list \*php\*
Setting up repositories
updates-released 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
base 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 429 kB 00:41
updates-re: ################################################## 1197/1197
Added 11 new packages, deleted 11 old in 25.55 seconds
Available Packages
mod_suphp.i386 0.5.2-8.fc4 extras
php.i386 5.0.4-10.5 updates-released
php-Smarty.noarch 2.6.10-2.fc4 extras
...
php-xmlrpc.i386 5.0.4-10.5 updates-released
phpldapadmin.noarch 0.9.7.2-2.fc4 extras
syck-php.i386 0.55-6.fc4 extras
When Red Hat Linux 9.0 official support ends in 2004, the only
'free RedHat-like' Linux with up2date support will be the Fedora distribution
[ fedora.redhat.com ].
up2date mirror sites
Hey! Give Red Hat servers a break and get your updates from less congested servers.
rpm anomalies
Recent kernels may get out of step with rpm and make it difficult to perform
system updates. It may be possible to regress which kernel calls are
used to launch programs.
# rpm -q rpm
rpmdb: unable to join the environment
error: db4 error(11) from dbenv->open: Resource temporarily unavailable
error: cannot open Packages index using db3 - Resource temporarily
unavailable (11)
error: cannot open Packages database in /var/lib/rpm
package rpm is not installed
Now it works when the following is done!
# rm /var/lib/rpm/__*
# export LD_ASSUME_KERNEL=2.2.5
# rpm -q rpm
rpm-4.2.1-0.30
For those who are comfortable using Red Hat
Enterprise Linux (RHEL), but don't want to pay the fees for routine
updates and support, CentOS is source code equivalent. It's more
stable than Rawhide and Fedora, which are also based on the same source code.
7.X is the last release with support for x486/x386 systems sans Floating Point Unit (FPU).
It may be possible to recompile kernel with FPU emulation, build boot disk, and run
standard Red Hat installer.
6.2 is the last release with support for old Sun hardware
(sparc processor).
rpm - command line software package management tool
Hostname is a somewhat abstract concept. By itself it is just
a simple name used by the system internally. Classic example is the host
identifier text of a shell prompt. Strictly speaking this value is not known
by a system until it is set sometime after boot. Red Hat convention is
to place fully qualified hostname (shortname.domain.com) value in /etc/sysconfig/network which is
read early during system boot (changing this will only affect system after next boot).
Another convention is to place the short hostname at the end of the /etc/hosts line
for 127.0.0.1/localhost. This allows internal processes to access local
resources using network connection protocols. Lastly, there is a system command
called hostname. It is the key to retrieving and changing a system's internal
hostname. Note: the hostname command specifically DOES NOT save any state for
the next time the system boots.
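A consistency check across the three places described above, as an added example that is not part of the original notes: it compares the boot-time value in the sysconfig file, the alias on the 127.0.0.1 line of the hosts file, and the running name. The function name and message wording are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the three places the text says a Red Hat host name lives.
# The function name and message wording are illustrative, not from any tool.

# hostname_mismatches NETWORK_FILE HOSTS_FILE RUNNING_NAME
# Prints one line per inconsistency; prints nothing when all three agree.
hostname_mismatches() {
    net_file=$1; hosts_file=$2; running=$3

    # Boot-time value: last HOSTNAME= assignment, double quotes and blanks stripped.
    boot_name=$(awk -F= '$1 == "HOSTNAME" { v = $2; gsub(/[" \t]/, "", v); n = v }
                         END { print n }' "$net_file")
    if [ -z "$boot_name" ]; then
        echo "no HOSTNAME= entry in $net_file"
        return 0
    fi

    # The hostname command changes only the running value, so a difference
    # here means one of the two will be replaced at the next boot.
    if [ "$running" != "$boot_name" ]; then
        echo "running name '$running' differs from boot-time name '$boot_name'"
    fi

    # The short name should be an alias on the 127.0.0.1 line of the hosts file.
    short=${boot_name%%.*}
    if ! awk -v s="$short" '
            $1 == "127.0.0.1" {
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^#/) break      # rest of the line is a comment
                    if ($i == s) ok = 1
                }
            }
            END { exit !ok }' "$hosts_file"; then
        echo "short name '$short' missing from 127.0.0.1 line in $hosts_file"
    fi
}

# Typical call on a live system (paths are the ones named in the text):
# hostname_mismatches /etc/sysconfig/network /etc/hosts "$(hostname)"
```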
Gnome is used instead of the desired
desktop environment
Expert Install Mode
Even a simple install may require expert install mode
if a SCSI controller or network card support is desired. Also,
as of RedHat 6.X, the installer no longer allows full custom
disk partitioning with fdisk unless you specify
boot: expert text at install prompt and later indicate
a full custom installation