HOWTOlabs Linux
Setup and basic uses

unless otherwise noted the following material has been gleaned from the use of redhat Linux distributions
More on Linux


Windows <-> Linux
  • g4u - "ghost for unix" for cloning PC harddisks via ftp
  • rdesktop - remote desktop protocol client for accessing Windows NT/2000 Terminal Server

Miscellanious Links [ edit ]

  • systemctl and other systemd tips
  • redhat: nmcli, NetworkManager Command Line Tool
  • Stack Exchange: unnecessary services.
  • Xaprb: What does > /dev/null 2>&1 mean?
  • CentOS, free community supported variant of RedHat Enterprise Linux (RHEL)
  • Bastille Linux, novel tool for accessing how secure a host OS is.
  • dump / restore information
  • The Linux Installation HOWTO
  • RULE (Run Up2date Linux Everywhere)
    an install option for current the Red Hat Linux distributions constrained to those packages optimized to run with very little RAM and HD space.
  • TuxMobil: handy info for installing and running Linux on laptops
  • UltraLinux: handy info for installing and running Linux on SPARC processor based systems

General Admin - the Tao of Linux/Unix administration [ edit ]
2015-08-31 updated, rickatech

Basic install

Extra steps for virtualized setups

# cat

  # does this need network restart afterward?
  ethtool -K ens192 gso off; ethtool -K ens192 tso off; ethtool -K ens192 lro off; ethtool -K ens192 gro off;
  ethtool -k ens192



dnf is the successor package management updater as of around 2020 for Fedora, RHEL, and CentOS since for some reason venerable yum was allegedly unfixable.




The Über alternative to version control and configuration management.  As of RHEL / Centos 6 this seems to be included in standard release packages.




As of 2014, many system administrator are experiencing adventures introduced by the wide adopting of systemd across most popular Linux distributions.  For the most part functionality is the same, but many common commands have migrated to systemd equivalents.  Following is shell session excerpt from RHEL/CentOS 7 basic Apache setup leveraging systemd style commands.

# rpm -qa | grep httpd


# /etc/httpd/mkdir vhosts-enabled

# /etc/httpd/mkdir vhosts-disabled

# ls -lh /etc/httpd/vhosts-enabled/

  -rw-r--r-- 1 root root 1.2K Feb  8 13:39

# rcsdiff /etc/httpd/conf/httpd.conf 

  > # vhost configs
  > IncludeOptional vhosts-enabled/*.conf

# cat vhosts-enabled/ 

  <Directory "/public/foobar/site">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted

  <VirtualHost *:80>
    DocumentRoot /public/foobar/site
    ErrorLog  /var/log/httpd/
    CustomLog /var/log/httpd/ combined 

# cat /public/foobar/site/index.html 


# systemctl restart httpd

# systemctl status httpd.service

# tail -f /var/log/httpd/ 

# tail -f /var/log/httpd/ 

# systemctl list-unit-files --type=service 

Text Editing - Use vi / vim!


Case-insensitive searching in vi is enabled thusly:
in command mode type :set ignorecase or :set ic and to revert back type :set noignorecase or :set noic. Also, consider putting set ignorecase into your vi configuration file.

File Access Control List (ACL)
2020-09 rickatech


Notice the + sign, that means an acl has been specified, and that your file system has acl enabled.  Typical distros come preconfigured with acl enable, but in some cases a package may need to be installed first.

$ ls -lh 

  -rw-rw-r--  1 will   webapp 872 Mar 19  2020 notes.txt
  drwxrwsr-x+ 6 will   webapp  93 Sep 27 05:56 Organizations
  drwxr-sr-x  3 apache webapp  21 Sep  5 09:13 Organizations.Rick LLC
  drwxrwsr-x  5 will   webapp  62 Sep 18 22:25 Projects
  drwxrwsr-x  2 will   webapp  66 Apr 25 05:22 uploads
  drwxrwsr-x  2 apache webapp   6 Aug  3 07:27 Users

$ getfacl Organizations

  # file: Organizations
  # owner: will
  # group: webapp
  # flags: -s-

The -m -x -d -k flags for setfacl are particular useful, as is getfacl.

2017-02 rickatech


Ansible is an open source remote system management toolset, recently acquired by commercial Linux vendors RedHat.  It allows reasonably low effort remote server administration .  Beginning users are encouraged to leave remote systems root login open to more easily get things working, with the caveat that many consider that a poor security best practice.

# yum install ansible


# ansible --version

  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides 

# mkdir ansible; cd ansible; ssh-keygen -f ansible_rsa

  Generating public/private rsa key pair ...

  [ using -f overrides default key name,
    forcing more specific key parameters below ]

# ls; cd ..


# ssh-copy-id -i ansible/

  Are you sure you want to continue connecting (yes/no)? yes
  Number of key(s) added: 1

# ssh -i ansible/ansible_rsa

  [ test remote key installed okay ]

# rcsdiff /etc/ansible/hosts

  > [ ip76 ]

# ansible -m ping 'ip76' --ssh-extra-args="-i  ansible/ansible_rsa" | SUCCESS => {
    "changed": false, 
    "ping": "pong"


Restoring GRUB to MBR
Boot off install CD in rescue mode. Mount desired root partition read-write ...
# chroot /mnt/sysimage
# /sbin/grub-install /dev/hda

Making a CD

Recently kernel and accoiated boot files are now too big to fit on a floppy! How do you create an emergency boot media then?
# uname -a
Linux linuxdv2 2.4.22-1.2114.nptlsmp #1 SMP ...
# mkbootdisk --device /root/boot.iso 2.4.22-1.2115.nptlsmp -v --iso
Now use a CD burning package create bootable CD from iso file


Most computers decide how to boot by looking at a magic spot on the default hard drive. This magic spot is excluded from hard partiiotning and file system formatting. This magic spot is called the MBR (Master Boot Record).

lilois a Linux tool for writing boot instructions to the MBR. There are other tools by Microsoft and alternatives to lilo for Linux for writing to the MBR, but they essentially do nothing more than what lilo does (more about that later). As of this writing the latest lilo handles modern BIOS's that can see past 8 GBytes (see Hard Disks and Linux for more about this). If you happen to be using an older lilo, you will need to make sure any bootable partitions start below the 8 GByte threshold.

Since the MBR is read every time a system boots, you only need to run lilo if you want to change how a system boots. Before you run lilo you need to make sure a valid /etc/lilo.conf exists.

Basic /etc/lilo.conf


Funky /etc/lilo.conf

	# vga=835 24 bit (e.g. Compaq Presario 1800T)
	# vga-834 16 bit

The Basic listing above will prepare lilo to overwrite the MBR on /dev/hda (the first IDE hard drive) with the specified boot instructions. To run lilo you need to be root. Warning - running lilo will overwrite any existing booting instructions in the MBR (more on how to restore altnative boot loaders later). If you are ready to give it a go ...
# /sbin/lilo
Added linux *
Added dos
Bang! You you just overwrote the MBR /dev/hda. If you reboot (and no floppy, cdrom, or other device is bootable) you will see your new boot sequence execute.

The Funky listing above disables the pause and prompt before launching the OS after boot. The vga=835 will boot with the console in framebuffer mode - which looks like a super wide and tall console (like you would see on a Sun or high end Unix box). The boot=/dev/fd0 is for making a boot floppy - sort of.

Making a Boot Floppy

Using the Funky /etc/lilo.conf listed above and running /sbin/lilo is a no frills ways to make a boot floppy. Warning, floppy disks don't have a magic MBR area, they just use the raw data area for boot instructions. This means that lilo will obliterate any file system on the floppy, but now the floppy can be used to boot the system (which is handy if the MBR on the hard disk gets wacked).

Some distros have a mkbootdisk command. This is probably a better way to create a boot floppy. This will add an actual kernel to the floppy and some other neat stuff.
# uname -a
Linux localhost.localdomain 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
# mkbootdisk 2.4.2-2 /dev/fd0

Neat Floppy Boot Tricks

Lets say your MBR got wiped and you didn't make a boot floppy for the system. You can use a boot floppy from another system, or even the install CD for many distros to get to a boot: prompt. If you remember the partition that has a bootable OS you can punt manually ...
boot: linux root=/dev/hda2 single initrd=
(where hda2 is root partition, initrd will bypass boot cd installer, single - um well just because)
After boot edit /etc/lilo.conf and run lilo, or try your hand at running mkbootdisk
Related ...
Elsewhere ...

Microsoft Boot Loaders

Windows NT and more recently Windows 2000 have their own MBR boot tools. When these OS's install, they overwrite the MBR with their own boot instructions. If you want to to enable their boot loader to offer an option for boot to your Linux partition you need to
  1. Make a boot floppy with lilo (see Funky /etc/lilo.conf above)
  2. Extract the boot instructions from the first part of the floppy raw data area into a file
    # dd if=/dev/fd0 bs=512 count=1
  3. Copy that file to the Windows main boot partition,
  4. Add an entry to BOOT.INI that points to this file with a label that its for launching Linux.
    [boot loader]
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Advanced Server" /fastdetect
    C:\"RedHat Linux: hda2"
  5. After a boot, can peek at what boot arguments were used
    $ cat /proc/cmdline
The reason a floppy was used above was so the MBR on the primary boot hardisk isn't disturbed. If you don't mind overwriting the MBR, you could have LILO use /dev/hda instead of /dev/fd0 . But since you are trying to get the NT boot loader to launch Linux, overwriting the MBR would mean you would have to reinstall the NT boot loader. Messy, but if you have a flakey floppy disk or other reason it is possible.

If you clobbered your MBR that had a Windows boot loader, there are ways to reinstate it. Unfortunately this is not as easy as it is with lilo. Alegedly Windows NT boot floppies or cdrom media can be used to get to a restore console that allows you to run fdisk /mbr or fixmbr. Last I tried, I had to use Windows 2000 boot cdrom, boot to it and tell it to enter restore mode. YOU WILL NEED TO KNOW YOUR ADMINISTRATOR PASSWORD OR NO DICE! to enter restore mode.

More ...
Linux & NT/W2000
Linux & Windows 9X

Hard Disks and Linux

Most versions of Linux support IDE and SCSI hard disks either directly in the kernal or with use of an appropriate driver. The fdisk command can be used to inspect what partitions (if any) an attached hard disk contains. To inspect the first IDE hard disk use fdisk /dev/hda . For the first SCSI hard disk use fdisk /dev/sda . USB drives follow the SCSI device naming convention in recent kernels.
Possibly Obsolete: CDROMs follow this as /dev/hca and /dev/sca . Subsequent disks are hdb, hdc for IDE and scb, scc for SCSI. Multiple CDROMs follow the same naming convention.
# fdisk -l

  Disk /dev/sda: 18.2 GB, 18210036736 bytes
  255 heads, 63 sectors/track, 2213 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sda1   *           1          33      265041   83  Linux
  /dev/sda2              34          98      522112+  82  Linux swap / Solaris
  /dev/sda3              99        2213    16988737+  83  Linux

  Disk /dev/sdb: 36.4 GB, 36420075008 bytes
  255 heads, 63 sectors/track, 4427 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sdb1               1        4427    35559846   8e  Linux LVM

  Disk /dev/sdc: 36.4 GB, 36420075008 bytes
  255 heads, 63 sectors/track, 4427 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sdc1               1        4427    35559846   8e  Linux LVM

  Disk /dev/sdd: 36.4 GB, 36420075008 bytes
  255 heads, 63 sectors/track, 4427 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sdd1               1        4427    35559846   8e  Linux LVM

  Disk /dev/sde: 123.5 GB, 123522417152 bytes
  255 heads, 63 sectors/track, 15017 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sde1   *           1       15017   120624021    7  HPFS/NTFS

# df -ha

  Filesystem            Size  Used Avail Use% Mounted on
  /dev/sda3              16G  1.7G   14G  11% /
  /dev/proc                0     0     0   -  /proc
  /dev/sys                 0     0     0   -  /sys
  /dev/devpts              0     0     0   -  /dev/pts
  /dev/sda1             251M  9.5M  229M   4% /boot
  /dev/shm              252M     0  252M   0% /dev/shm
                         99G   74G   20G  79% /public
  none                     0     0     0   -  /proc/sys/fs/binfmt_misc
  sunrpc                   0     0     0   -  /var/lib/nfs/rpc_pipefs
  automount(pid1733)       0     0     0   -  /net
  nfsd                     0     0     0   -  /proc/fs/nfsd
                        7.9G  3.1G  4.4G  42% /mnt/h0

Beware that fdisk may show conflicting disk size information. The following fdisk reports 500.1 GBytes, but actually holds only 465.7 GBytes = 500107862016 / 1024G / 1024M /1024K .

# fdisk -l

  Disk /dev/sda: 500.1 GB, 500107862016 bytes
  255 heads, 63 sectors/track, 60801 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sda1   *           1       60801   488384001    c  W95 FAT32 (LBA)

With fdisk you can use the P command to show a partition summary. Use D to delete a partition, and N to create one. Use T to respecify partition type.

You might notice that the first partition is named something like hda1 (for first IDE drive). You can have four partitions per disk. In an extended partition you can create logical partitions. The first logical partition will be something like hda5 (for first IDE drive). The /dev directory on root shows all the poosible names for devices and their partitions.

Drives formatted on Sparc systems and/or formatted natively under Solaris use a peculiar partioning scheme. In some cases it may be necessary to obliterate the partition table using badblock write mode option before partitioning it with fdisk. Symptoms of this are inexplicable mkfs errors.

Hard Disk Formatting

Use mkfs thusly ...
mkfs -t [file system] /dev/[partition]

ext2 is the file system used most with Linux. msdos and other alternative formats can be specified fi you like.

Whoa! Huge Disks and Linux

So you got this incredible deal on a 35 GByte drive for $99 bucks at Fry's. But after using fdisk to create a single gianormous partition, you find formatting it with mkfs wigs out and hangs nasty! Try fdisk'ing as a huge extended partition and then makeing a huge logical partition inside it. Here's an fdisk summary from a 13 GByte drive I had to partition this way.
Command (m for help): p

Disk /dev/hda: 247 heads, 228 sectors, 22505 cylinders
Units = cylinders of 56316 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hda1             1       452  12714880+   5  Extended
Partition 1 does not end on cylinder boundary:
     phys=(1023, 15, 63) should be (1023, 246, 228)
/dev/hda5             1       452  12714849   83  Linux
Sometimes fdisk will complain that a huge disk partition doesn't end on a cylinder boundary ... just ignore it, works for me. Such a monolithic partition scheme will probably not work for a boot disk, but hey - you could make a smaller bootable partition followed by the gianormous extended/logical partition if you must boot from this disk.

Note: there appears to be a limitation in most distributions such that the root partition must be within the first 8 GBytes.

The Art of Disk Mounting

Here's an example of a command to mount an IDE partition ...
mount -t ext2 /dev/hdb2 /mnt/secoundIDEpartition2
The directory /mnt/secoundIDEpartition2 needs to be created before the mount command is given. The same partition can be unmounted thusly ...
umount /dev/hdb2
To have partitions mounted during bootup edit /etc/fstab. Here's a sample fstab file I edited ...
/dev/sda1       /               ext2    defaults        1 1
/dev/sda2       swap            swap    defaults        0 0
/dev/fd0        /mnt/floppy     ext2    noauto          0 0
/dev/cdrom      /mnt/cdrom      iso9660 noauto,ro       0 0
none            /proc           proc    defaults        0 0
/dev/hda1       /mnt/tempdisk   ext2    defaults        1 2
Note the 1 2 flags on /dev/hda1 . Its a good idea to peruse man fstab before adding entries to this file. For the most part find a line similar to what you want, copy it, and tweak for you purpose.
Miscellanious Mount Hints
mount -t vfat /partition/xp_share /mount_point

File System/Partition Checking

Generally file system integrity is checked automatically. However, for additional disk partitions you have created and for other reasons you may wish to know how to do this. Use fsck /dev/[partition] . Note, it is dangerous to fsck a partition that is mounted. If possible, unmount it first before fsck'ing it.


Partition / File System Labels

More recent version of Linux use a more sophisticated technique for declaring how a given partion should be mounted. A file system volume label can be written to the a given partition, then when mounting occurs, the mount location can be derived from the file system itself. Paradoxically, the volume label is often the same as the mount destination so the extra abstraction may seem a bit overwrought over simple specifying the raw mount location during mount time. However, it can help from 'accidentally' mounting the wrong partition. A hypothetical example is accidentally specifying a root partition as a tmp partition during a freak boot, the root parition could be wiped if it didn't have a disk label saying it was something other than /tmp.
# mkfs.ext3 -L /tmp /dev/sda5

# e2label /dev/sda5
# tune2fs -l /dev/sda1
  tune2fs 1.35 (28-Feb-2004)
  Filesystem volume name:   /boot
  Last mounted on:          
  Filesystem UUID:          05509a4a-7ba5-4412-a61b-31a09b7257dc
  Filesystem magic number:  0xEF53
  Filesystem revision #:    1 (dynamic)
  Filesystem features:      ext_attr resize_inode filetype sparse_super
  Default mount options:    (none)
  Filesystem state:         not clean
  Errors behavior:          Continue
  Filesystem OS type:       Linux
  Inode count:              66264
  Block count:              265040
  Reserved block count:     13252
  Free blocks:              249058
  Free inodes:              66226
  First block:              1
  Block size:               1024
  Fragment size:            1024
  Blocks per group:         8192
  Fragments per group:      8192
  Inodes per group:         2008
  Inode blocks per group:   251
  Filesystem created:       Thu Apr 27 17:48:41 2006
  Last mount time:          Wed May  3 16:32:18 2006
  Last write time:          Wed May  3 16:32:18 2006
  Mount count:              2
  Maximum mount count:      25
  Last checked:             Wed May  3 11:51:55 2006
  Check interval:           15552000 (6 months)
  Next check after:         Mon Oct 30 10:51:55 2006
  Reserved blocks uid:      0 (user root)
  Reserved blocks gid:      0 (group root)
  First inode:              11
  Inode size:               128
  Default directory hash:   tea
  Directory Hash Seed:      33dc61c3-0da3-4d03-beca-1f169b9aeb93


Stay tuned! RedHat Tips

Can install from a SCSI CD, but can't mount it once Linux is installed

Try this, as root:

rm /dev/cdrom
rm /dev/scd0
cd /dev
./MAKEDEV scd0
ln -s scd0 cdrom

SCSI Tape Devices

Typically SCSI tape drives mount as /dev/st0. In some cases the mt command may not be present, but is typically only an rpm away.
  • ...
# up2date -du mt-st --nosig

# rpm -qf /bin/mt

# su -

# mt -f /dev/st0 tell

# mt -f /dev/st0 status

# mt -f /dev/st0 rewind

# tar -cvf /dev/st0 *

# mt -f /dev/st0 rewind

Table of contents
# tar -ztvf /dev/st0

# tar -zxvf /dev/st0 /.../...

Logical Volume Manager (LVM)

LVM adds an abstraction layer above typical device drivers. Typically this is relevent only for hard disk devices. Typically when a disk partition is mounted, the mounted volume is directly related to a low-level disk partition. LVM allows chunks of different disks to be collected into an abstract volume that can be mounted just like a traditional disk partition. Although there is a slight performance penalty for LVM, it offers the ablilty to change the size of a partition and perform advanced disk snapshot operations handy for doing backups without unduly interrupting busy services.

It all starts with fdisk and assigning a partition type of 8E. Note, sometimes fdisk will report an error when exiting after such an assignment, though a reboot seems to resolve the issue.

LVM Corrupt Partition Counter Measures

Inevitably something will happen and your favorite LVM partition won't mount. Attempts to fsck it will return strange results because even though the underlying partion may be mounted, the LVM partition within the disk partition isn't mounted because the LVM partition is wacked in some way. Well, the LVM partition information is usually aytomatically backed up in the /etc/lvm/backup directory. Issuing the vgcfgrestore command and then activating the LVM partition with vgchange often does the trick.
# mount /dev/vg1/bigusbdisk /archive

  mount: special device /dev/vg1/bigusbdisk does not exist"

# vgscan

# pvscan -p

# lvscan

# vgcfgrestore vg1

# vgchange -a y vg1

# mount /dev/vg1/bigusbdisk /archive

# ls /archive

  ... lots of happy files ...
# fdisk /dev/hda
[ create /dev/hda4 as a Linux LVM partition ]
8e (Linux LVM)

# vgscan
... builds/populates /etc/lvmtab

# Low-level format partition for LVM
# pvcreate /dev/hda4

# vgcreate vg1 /dev/hda4

# vgchange -a n vg1 

# vgchange -a y vg1 

# vgchange -a n vg1 

# vgremove vg1
# vgcreate -s 16k vg1 /dev/hda4
create 16k PE size 

# mkdir /mnt/lv1

# lvcreate -L 100M -n lv1 vg1

# mkfs -t ext2 /dev/vg1/lv1

# mount /dev/vg1/lv1 /mnt/lv1

# lsof +D /mnt/lv1

# umount /mnt/lv1

# lvextend -L +10m /dev/vg1/lv1 /dev/hda4

# e2fsck -f /dev/vg1/lv1

# resize2fs /dev/vg1/lv1

# mount /mnt/lv1

# e2fsadm -L +20m /dev/vg1/lv1
[ no live mount error ]

# umount /mnt/lv1

# e2fsadm -L +20m /dev/vg1/lv1

# mount /mnt/lv1


Dump, Restore



This powerful command enables writing data out to CD burners from the console.
$ cdrecord -scanbus

$ # -v          verbose
$ # -eject      eject cd after burn completes
$ # dev=6,0     use the drive ID you see reported from cdrecord -scanbus
$ # foobar.iso  a prepared cd image ready for burning directly to disc
$ cdrecord -v -eject dev=6,0 foobar.iso
  ... watch and wait ...
Note, cdrecord is very SCSI-centric. It is possible to use it with IDE cd burners, but you will have to setup a SCSI spoofed device that maps to the IDE burner. More on that coming soon.

dd tricks

Creating a CD iso. The source partition can't be mounted during the process.
# dd if=/dev/cdrom of=cd.iso
Mounting a phantom device from CD iso file
# mount -o loop /public/new/hagrid_root.iso /mnt/h0

# ls /mnt/h0/
  bin   dev  home    lib         misc  opt   public  sbin  tmp  var
  boot  etc  initrd  lost+found  mnt   proc  root    sys   usr

# df -lh
  Filesystem            Size  Used Avail Use% Mounted on
  /dev/sda3              16G  1.7G   14G  11% /
  /dev/sda1             251M  9.5M  229M   4% /boot
  /dev/shm              252M     0  252M   0% /dev/shm
                         99G   74G   20G  79% /public
                        7.9G  3.1G  4.4G  42% /mnt/h0

The Art of Dual Booting Linux and Windows9X
On most systems it should be possible install both Linux and Windows9X. A prompt after boot is used to select which OS, and if nothing is entered after a few seconds a default selection is made.

If you decide to setup a system to dual-boot, make sure it has NO IMPORTANT DATA ON IT! Also, prepare for complications and DON'T RUSH! It is very easy to miss a critical step and have go back and redo a lot of work.


If a system has LILO configured to boot to either Linux or W9X/DOS, the default OS can be changed by editing the default line in /etc/lilo.conf to = the desired label. Make sure you run lilo after editing this file to alter the raw boot configuration files to act accordingly.

X Windows Tips

kdmrc - enabling root login from X login screen


Xconfigurator - once Linux is booting to a login prompt on a system's default video device, Xconfigurator is the command to attempt to configure it for the X Windows graphics environment. Its best to know what your graphics card/chip and monitor capabilites are before running this. If you succeed in having it detect your graphics capability, it is highly recomended that you decline having graphics enabled on bootup. Instead stay with text only login and use startx to bring up the graphics on demand. This will reduce headaches significantly if and when your graphics capabilities inevitably change.

startx - some handy tidbits ...
startx -- -bpp 16
Ctrl Alt Bksp will force X to exit. This is handy if an app crashes or otherwise renders an X Windows session unusable

Also, don't forget that on many systems Ctrl Alt + and Ctrl Alt - will switch between screen resolutions of the same color depth

Configuring X Windows Desktop Environments (DE) - Gnome, Afterstep, FWM, KDE, ...
On some distributions (notably RedHat 6.1) even when KDE Workstation is selected during installation X Windows still launches the Gnome DE (as indicated by the stupid enlightenment initializer, retched over stylized poseur foot print logo, and gianormous precious space wasting icons at the bottom of the screen ... puff puff, rant off). To have a different DE, check for and create if necessary a desktop file in /etc/sysconfig. Edit this file and place KDE as the only text in it. To get Another Level or other non-Gnome DE ... peruse the system files that man startx references.

inittab - disabling X Windows at boot
Changing /etc/inittab initdefault value next will change the runlevel entered after the next reboot.
# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)

Remote X Servers

Once you have an X Server running ...
  1. start a local telnet session, connect to remote host
  2. export DISPLAY= (use you local IP address)
  3. bring up the X Server on your local host (it should come up with a pretty much empty screen)
  4. on the remote telnet session
    xterm &
    (this should bring terminal in the X Server)


Autoconf - configure make install

Here's a quick overview of the peculiar command sequence many Linux apps use to install themselves:
$ ./configure --help
$ ./configure
$ make
$ make install
Funky (Should automake be run before autoconf?)
$ autoconf
$ automake  ( ->
$ CFLAGS="-g -O0" ./configure ( -> Makefile)
$ make
$ make install

xmkmf, Imakefile

This is yet another peculiar method for compiling and installing software under Linux. If you unpack some software and find Imakefile files sprinkled around it is a good bet that it expects you use xmkmf to generate a Makefile. Once a Makefile is created, should be as simple as running make much like with configure make install. It is amazing how much software uses Imakefile's but doesn't mention in the install instructions that xmkmf is the command you need to use to get things working properly.


Executables that run in the background to offer network services are usually started automatically when a system is started. The mechanism that starts and stops services uses settings kept in /etc/rc.d . Sometimes automatic startup the settings for a service need to adjusted. One could learn the particular details of files in /etc/rc.d , or you could just use the chkconfig command and specify the service, the run levels to change, and the state
> chkconfig --list
> chkconfig --level 2345 sshd on

nfs - network file system

nfs has a server and a client side.  Most Linux distributions install the necessary files by default, but do not active them.

# hostname


# rpm -qa | grep -i nfs-utils


# rpm -qi nfs-utils

  The nfs-utils package provides a daemon for the
  kernel NFS server and related tools ...

# cat /etc/exports


# service nfs

# ls /mnt/coolmntpt


# mount foobar:/public /mnt/coolmntpt
# ls -l /mnt/coolmntpt

  lots of files ...

# df -h | grep cool

  foobar:/public ... /mnt/coolmntpt

# umount /mnt/coolmntpt
[ for CentOS/RHEL 7/systemd see below ]

Security - It is easy for a client request to be spoofed allowing unauthorized access to a nfs server volume.  In general it good practice to only expose nfs volumes across LAN links and not expose them to the broader Internet.

Persistence - A nfs server may not stay online indefinetly.  If you regularly mount nfs volumes (i.e. you are nfs client), be familiar enough with the nfs server to know when mounting it may not be a good idea.  In some cases mounting a volume from a server not online can cause unexpected delays and worst case file corruption.  If you serve nfs mount points, you may want to configure your system to automatically restart nfs at boot time.

Run Levels - Make sure portmap service is running.  Typically portmap is on for levels 3 and 5, but not for run level 2.

Additional info

nfs - Unable to mount nfs share

As of RHEL/CentOS 7, client must also install nfs-utils and make sure rpcbind service is working.

# yum install nfs-utils

# mount /mnt

  Job for rpc-statd.service failed. See 'systemctl status rpc-statd.service' and 'journalctl -xn' for details.

# systemctl status rpcbind 

  rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; static)
   Active: inactive (dead)

# systemctl stop rpcbind 

# systemctl start rpcbind 

# systemctl status rpcbind 

  rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; static)
   Active: active (running) since Thu 2015-05-21 03:32:14 EDT; 1s ago
  Process: 2847 ExecStart=/sbin/rpcbind -w ${RPCBIND_ARGS} (code=exited, status=0/SUCCESS)
 Main PID: 2848 (rpcbind)
   CGroup: /system.slice/rpcbind.service
           └─2848 /sbin/rpcbind -w

# mount /mnt 


Linux Documentation Project


Most distributions do not enable user level ftp capability by default. For RedHat you will need to install the /wu-ftpd-... RPM. This should allow authorized users to access their home directories.
May need to tweak configurations files for inetd or xinetd to allow service to be enabled. Following is the /etc/xinetd.d/xinetd.conf from a RH71 install ...
# default: on
# description: The wu-ftpd FTP server serves FTP connections. It uses \
#       normal, unencrypted usernames and passwords for authentication.
service ftp
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/in.ftpd
        server_args             = -l -a
        log_on_success          += DURATION USERID
        log_on_failure          += USERID
        nice                    = 10
#       disable                 = yes
In more recent ftp service limit access to their user directory. This can be overridden on a per user basis in /etc/ftpaccess .
# rcsdiff ftpaccess
*** 11,24 ****
  # Chroot all users to their home directory by default
  # (comment this out if you don't want to chroot most of your users)
! guestuser *
  # If you wish to allow user1 and user2 to access other
  # directories, use the line below:
! # realuser user1,user2

--- 11,24 ----
  # Chroot all users to their home directory by default
  # (comment this out if you don't want to chroot most of your users)
! # guestuser *
  # If you wish to allow user1 and user2 to access other
  # directories, use the line below:
! realuser fredness,eddie

Anonymous FTP

If anonymous ftp capability is desired, install the anonftp-... RPM. A /home/ftp directory should now exist that anonymous users can access.

SaMBa - file sharing services that interface well with Microsoft Windows

Make sure SMB services are installed. To make a public read only directory available ...
  • locate file: /etc/smb.conf
  • check that the file's [public] section is uncommented
  • restart SMB (if necessary)
  • import the appropriate registry file on MS Windows client (if necessary)
$ cat /etc/redhat-release
  Fedora Core release 4 (Stentz)

$ rpm -qa | grep -i samba
Restarting SMB ...
/etc/rc.d/init.d/smb status
/etc/rc.d/init.d/smb stop
/etc/rc.d/init.d/smb start
Importable registry files for enabling MS Windows clients can be found at ...
Acknowledging the presence of a dedicated WINS server. Here's an excerpt from a smb.conf that does this ...
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    wins server =
Tweaking file shares (circa RedHat 8.0)
diff -r1.1 /etc/samba/smb.conf
> #  netbios name = sony-samba
>    netbios name = hpserv
<    workgroup = MYGROUP
>    workgroup = WORKGROUP
< ;  hosts allow = 192.168.1. 192.168.2. 127.
>    hosts allow = 192.168.1. 192.168.2. 127.
<    security = user
>    security = share
> # GeeWiz production folder
> [geewiz]
>    comment = GeeWiz production folder
>    path = /geewiz
>    public = yes
>    writable = yes
# rcsdiff smb.conf
  <    workgroup = MYGROUP
  >    workgroup = WORKGROUP
  <    server string = Samba Server
  >    server string =
  <    security = user
  > #  security = user
  >    security = share
  < ;[public]
  < ;   comment = Public Stuff
  < ;   path = /home/samba
  < ;   public = yes
  < ;   read only = yes
  < ;   write list = @staff
  > [public]
  >     comment = Public Stuff
  >     path = /public
  >     public = yes
  >     read only = yes
  >     write list = @staff

SaMBa - encrypted passwords

Most version of Microsoft Windows expect encrypted passwords to be enabled. If a machine can see a SaMBa server but issues a connect/bad password error when attempting to open the server, it is a pretty good bet that the SaMBa server does not have encrypted passwords enabled. Quick way to get around this is to tweak the REGISTRY on each MS Windows system to disable encripted passwords (see above). A more compatible way to resolve this is to enable encrypted passwords.

First, uncomment the following lines in the /etc/smb.conf ...
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*

Second, create a user and password pair ...
>smbpasswd -a jsmith

>cat smbusers

>cat smbpasswd

SaMBa - Domain/Group and Anonymous

smb.conf traditioanlly sets intself to use MYGROUP as the Micrsoft Networking Workgroup other systems will see, To change this ...
# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = ZAPTECH

There is no anonymous user built into SaMBa that I am aware of. However, the nobody user can be given a smbpasswd of nothing. This will present users with a user passwd requestor that can be dismissed by using nobody and CR. Such users typically won't have write access. Alternatively, dispense with user authentication entirely by changing smb.conf security setting to share (see example above).

RCS (revision control system)

Classic/legacy command line file based version control.       

CVS (centralized source code version control)

CVS - Installation

Before spending a lot of time setting up a classic 'pserver' CVS repository, check id SSH is already available on you system. If it is then stop right there - you already have all the remote access CVS repository information you need! Typically ext CVS already associates with SSH. You will still need to setup a group and file store though.

# cvs -d co emailer
Following describes how to establish a CVS 'pserver'. Before you enable CVS, make sure the following are ready
  1. create a group called cvs (e.g. groupadd cvs)
  2. edit /etc/group, add users to the cvs group that should be allowed to access the CVS server remotely
  3. create a cvs root directory (e.g. mkdir /home/cvsroot)
  4. set the directory protections to allow cvs group members to access it (e.g. chown fredness.cvs /home/cvsroot)
  5. (optional) chmod g+s /home/cvsroot
  6. (optional) chown root.cvs /root
Most Linux distributions install the /usr/bin/cvs command by default. What may not be obvious is that this executable is used both for command line operations and for establishing a service daemon. Unless you have a non-standard distribution, you will need to manually enable cvs services by adding a line to the /etc/inetd.conf, and then restarting it. Add the following to /etc/inetd.conf ...
# CVS service
cvspserver stream tcp nowait root /usr/sbin/tcpd /usr/bin/cvs --allow-root=/home/cvsroot pserver
For more recent xinetd make a /etc/xinetd.d/cvspserver file containing something like ...
# default: off
# description: cvs server
service cvspserver
	socket_type		= stream
 	protocol		= tcp
	wait			= no
	user			= root
	server			= /usr/bin/cvs
	server_args		= -f --allow-root=/home/home/cvsroot pserver
Above based loosely on similar file for enabling telnetd . Caution: watch out for white space! These files may require tabs instead of spaces for indenting purposes. The following is a bit more elaborate. Note: log_on_success may in some situations introduce connect delays. If so consider log_on_failure instead.
# default: off
# description: cvs server
service cvspserver
        socket_type		= stream
        protocol		= tcp
        wait			= no
        log_on_success		+= USERID
        user			= root
        passenv			=
        server			= /usr/bin/cvs
        server_args		= -f --allow-root=/home/home/cvsroot pserver
Now, initialize the repository ...
> cvs -d /home/cvsroot init

CVS - Multiple Repositories
Yes its true, you can have more than one CVS repository on a server. The critical bit that allows this is adding another --allow-root=[path] to /etc/xinetd.d/cvspserver for each additional repository. Each repository will need to be initialized seperately.

CVS Port = 2401
Remote clients use this port to establish a connection to cvspserver (consult /etc/services for more details)
cvspserver     2401/tcp     # CVS client/server operations
cvspserver     2401/udp     # CVS client/server operations

CVS - Module Creation (Importing)
This is can be tricky. Sometimes it is easier to create a dummy folder containing a single file, import just that, then add any other files using more straightforward cvs add
export CVSROOT=""
cvs login
cvs import -m "blah blah blah" modulename bogusvender firsttag
cvs logout
cat ./cvspass

CVS - Allowing Anonymous Access

Create a file called readers (e.g. /home/cvsroot/CVSROOT/readers) so that it contains ...

Now create another files called passwd so that it contains ...
It can be awkward to create a null password with the passwd command. The following perl script does the job though ...
> cat

my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt($plaintext, $salt);
print "${crypttext}\n";

(Optional) You may also need to create a writers file that contains users who can commit changes...

Add nobody to cvs group

CVS - Read Only Users

Add the username (see below) then add username to the readers file (see above). No passwd file is required for this.

Annoying /root/.cvsignore Permission denied warning messages
This is a harmless 'bug' and is supposed to fixed in CVS 1.10.8

CVS - Adding New User to existing CVS server
Logon on to the CVS server as root
Execute adduser newusername
Then edit /etc/group and add the new username to the group used for CVS access (see above).
Additional Info
- Tips
- Akadia

MySQL Setup

Following works with redhat 7.1
# su -
# rpm -ivh mysql-3.23.36-1.i386.rpm
# rpm -ivh mysql-server-3.23.36-1.i386.rpm
# /etc/rc.d/init.d/mysqld status
# /etc/rc.d/init.d/mysqld start
# exit
# mysql
  -> \h
  -> \q

Which System Libraries are Installed

Check /usr/lib to see what libs are installed. Also, you can take a look at /etc/ to see what libs are installed and in what dir they are installed in.

To find our what libraries an executable uses ...
ldd [file]

If you have manually added a library to one of the existing library directories, make sure you run ldconfig to register it. Alternatively, try setting LD_LIBRARY_PATH env var to point to the desired library directory.

# export LD_LIBRARY_PATH=/usr/local/lib 
Use nm to figure out which library any symbol is in.  For example, the following will locate which library containts the symbol 'XGetExtensionVersion'.
$ nm -Bog /usr/X11/lib/*.so | grep XGetExtensionVersion 



Bourne Again SHell (BASH), is probably the most ubiquitous command line interpreter enabled by default on Linux/Unix systems as of this writing. As such, there are many powerful commands and other capabilities built into bash that are important to master to effective manage and administer a wide variety of computer systems.



Useful way to to detach a session from the current login session, then resurrect it later.  Very hand for monitoring/running commands that take a very long time to complete, and not having to be sitting at the hardware.

$ screen -ls

  No Sockets found in /var/run/screen/S-ricks.

$ screen

    $ screen -ls

      There is a screen on:
      1067.pts-1.clamps	(Detached)

    $ [ctrl-A]d

      [ ... detaches from current session ... ]

$ screen -ls

  There is a screen on:
  1067.pts-1.clamps	(Detached)

$ screen -r 1067.pts-1.clamps

    $ exit

$ screen -ls

  No Sockets found in /var/run/screen/S-ricks.



fortune, configuring your own fortune teller

$ cat foo

  fortune test 1
  fortune text 2
  fortune text 3

$ strfile foo

$ ls foo*


$ fortune foo


Install Notes


-a includes everything including subdirs, z is for compression v is for verbose
rsync -azv -e 'ssh' sourcedir user@host:/destdir

Telnet & Xinetd Services

On older systems may need to install ...
before remote login will be permitted. Once installed, may need to restart system (although appropriate init.d command will probably to the trick without rebooting).
On newer systems xinetd has replaced inetd. Instead of a single /etc/inetd.conf file there is /etc/xinetd.d/ directory with different small files for each service to enable.
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
# restrict telnet access to internal network
        only_from       =
#       disable         = yes


Though consider somehow a hostile act by some, scanning networks to check host and service settings is incredibly useful. True, neodowells use network scanning to find servers to exploit, however its the user's intent of a tool that needs to be judged - not the tool itself.

That said, nmap is a network scanning tool. Great for checking that your firewall is working ias expected.
$ nmap -A -T4

  Interesting ports on
  (The 1671 ports scanned but not shown below are in state: filtered)
  22/tcp  open  ssh     OpenSSH 3.9p1 (protocol 2.0)
  80/tcp  open  http    Apache httpd 2.0.52 ((Red Hat))
  873/tcp open  rsync    (protocol version 28)

  Nmap finished: 1 IP address (1 host up) scanned in 38.079 seconds

$ nmap -A -T4

  Interesting ports on
  (The 1669 ports scanned but not shown below are in state: filtered)
  20/tcp  closed ftp-data
  21/tcp  open   ftp      vsftpd 2.0.1
  22/tcp  open   ssh      OpenSSH 3.9p1 (protocol 2.0)
  80/tcp  open   http     Apache httpd 2.0.52 ((Red Hat))
  443/tcp closed https
  Service Info: OS: Unix

  Nmap finished: 1 IP address (1 host up) scanned in 55.310 seconds

lp & a2ps

Under RH7.1 (should work for most distros) the following will format foo.c in postscript with two pages/page and send it to lp printer port at ...
a2ps -Plp@ foo.c
a2ps -s duplex -Plp@ foo.c
a2ps -Plp@ foo.c --columns=1 -s duplex -L66

This following will dump the text to the printer unformatted ...
lp -d @ foo.c
Linux/Unix, Netscape/Mozilla Print Command
Following works for the ColorLaserJet 5MP (Mmmm, color postscrpt :-) I have setup on the home office LAN at IP address
lp -d @


On older systems may need to install talkd and inetd before remote chat session will be permitted. Once installed, may need to restart system (although appropriate init.d command will probably to the trick without rebooting).

On newer systems (e.g. RH 7.X) ntalkd has replaced talkd and xinetd has replaced inetd. Will need to enable service in file /etc/xinetd.d/ntalk . Note, RPM's for this are typically called talk-server-... and will create a /etc/xinetd.d/talk and /etc/xinetd.d/ntalk config files which are redundant - you only need to activate one of them.
# default: off
# description: The ntalk server accepts ntalk connections, for chatting \
#       with users on different systems.
service ntalk
        disable                 = no
        socket_type             = dgram
        wait                    = yes
        user                    = nobody
        group                   = tty
        server                  = /usr/sbin/in.ntalkd

Once configured, a user logged on to a configured host can start up a chat session with another user logged into the same host thusly ...
talk joe

named - Internet DNS (Domain Name Service)



Don't venture here unless you have access to a pretty elaborate setup (at least a subnet with 2 dedicated IP addresses and servers). Although DNS in principle is pretty straight forward, one mis-step and alot of machines can drop off the net.

$ host -t any

  Using domain server:
  Aliases: has SOA record 2005021501 10800 1800 604800 86400 name server name server has address mail is handled by 10

$ dig

  ; <<>> DiG 9.2.3rc1 <<>>
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28076
  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 8

  ;                     IN      A

  org.                    172800  IN      NS      TLD1.ULTRADNS.NET.
  org.                    172800  IN      NS      TLD2.ULTRADNS.NET.
  org.                    172800  IN      NS
  org.                    172800  IN      NS
  org.                    172800  IN      NS      TLD5.ULTRADNS.INFO.
  org.                    172800  IN      NS      TLD6.ULTRADNS.CO.UK.

  TLD1.ULTRADNS.NET.      172800  IN      AAAA    2001:502:d399::1
  TLD1.ULTRADNS.NET.      172800  IN      A
  TLD2.ULTRADNS.NET.      172800  IN      A      172800  IN      A      172800  IN      AAAA    2001:502:100e::1      172800  IN      A
  TLD5.ULTRADNS.INFO.     172800  IN      A
  TLD6.ULTRADNS.CO.UK.    172800  IN      A

  ;; Query time: 27 msec
  ;; SERVER:
  ;; WHEN: Tue Jul  4 01:43:21 2006
  ;; MSG SIZE  rcvd: 341 

  ; <<>> DiG 9.2.3rc1 <<>> @TLD2.ULTRADNS.NET
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53360
  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

  ;                     IN      A

  ;; AUTHORITY SECTION:              86400   IN      NS              86400   IN      NS

  ;; ADDITIONAL SECTION:        86400   IN      A

  ;; Query time: 25 msec
  ;; SERVER:
  ;; WHEN: Tue Jul  4 01:59:23 2006
  ;; MSG SIZE  rcvd: 100

$ dig @ axfr

  ; <<>> DiG 9.3.1 <<>> @ axfr
  ; (1 server found)
  ;; global options:  printcmd          86400   IN      SOA 2006052001 28800 7200 604800 86400          86400   IN      NS          86400   IN      NS          86400   IN      TXT     "v=spf1 ~all"          86400   IN      MX      10          86400   IN      A      86400   IN      A          86400   IN      SOA 2006052001 28800 7200 604800 86400
  ;; Query time: 21 msec
  ;; SERVER:
  ;; WHEN: Mon Jul 17 16:35:42 2006
  ;; XFR size: 8 records (messages 1)

Security-Enhanced Linux


More recent releases of Fedora Core Linux have SELinux enabled by default. For all but the most serious deployments (which arguably should not be using Fedora Core in the first place), this is a big headache. Essentially this adds another level of file attributes beyond those for user, group, and world. Any changes to system files without also tuning the SELinux policies and file attributes can cause all sorts of weird kernel error messages. It's also almost impossible to removed SELinux once it has been installed - instead it is better to disable the SELinux config file and reboot.

$ diff -r1.1 /etc/selinux/config
  < SELINUX=enforcing
  > # LINUX=enforcing
  > SELINUX=permissive

SELinux (when enabled), adds four new file attributes: user, role, type, range.  As root use chcon to modify SELinux file attributes.

# cd /var/www/icons

# ls -lhZ

  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t a.gif
  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t
  -rw-r--r--  root root user_u:object_r:httpd_sys_content_t the-hyperchicken-87721.jpg
  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t world2.gif
  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t world2.png

# chcon -t httpd_sys_content_t the-hyperchicken-87721.jpg

# chcon -u system_u the-hyperchicken-87721.jpg

# ls -lhZ the-hyperchicken-87721.jpg

  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t the-hyperchicken-87721.jpg 


For the most part, NetworkManager is a GUI for use by non-server Linux installs.  Often its presence is made known by NM_ directive in the /etc/sysconfig/network-scripts/ifcfg-eth0.

Elsewhere: convirture


Nagios is a popular web service that is employed to monitor various systems and services.  It's become much easier to setup recently, but still suffers from being 'over-engineered' and brittle to the extend that it will stop working for no apparent reason.  Still, its popularity is steadily increasing and overall it seems to be becoming easier to setup and more stable.

nagios Service Dies, Restart Keeps Dying

Nagios tends to die for having too large a file open (signal SIGXFSZ).  It turns out that performance data is being written to a file that is not rotated by default, so it grows until it is too large to open.

An entry in the logrotate configuration is needed, so the file will be rotated and compressed on a weekly basis, followed by restarting Nagios.  Hopefully that keeps the problem from recurring.

$ pwd


$ ls -lh 

  total 2.3G
  drwxrwxr-x 2 nagios nagios  16K Jan 11 16:41 archives
  -rw-rw-r-- 1 nagios nagios 552K Jan 14 09:06 nagios.debug
  -rw-rw-r-- 1 nagios nagios 977K Jan 14 09:06 nagios.debug.old
  -rw-r--r-- 1 nagios nagios    5 Jan 14 08:03 nagios.lock
  -rw-rw-r-- 1 nagios nagios  45K Jan 14 09:03 nagios.log
  -rw-r--r-- 1 nagios nagios 416K Jan 14 08:03 objects.cache
  -rw------- 1 nagios nagios 505K Jan 14 09:03 retention.dat
  drwxrwsr-x 2 nagios nagios 4.0K Jan 14 08:03 rw
  -rw-rw-r-- 1 nagios nagios 879K Jan 14 09:06 service-perfdata
  -rw-rw-r-- 1 nagios nagios 267M Jan 14 08:05 service-perfdata.1.gz
  -rw-rw-r-- 1 nagios nagios 2.0G Jun 14  2009
  drwxrwxr-x 3 nagios nagios 4.0K Jan 16  2009 spool
  -rw-rw-r-- 1 nagios nagios 502K Jan 14 09:06 status.dat 

$ cat /etc/logrotate.conf 


  # system-specific logs may be also be configured here.
  /usr/local/nagios/var/service-perfdata {
	rotate 52
	/sbin/service nagios restart

SuSE/Novell Distribution Notes

Yast (yast, yast2) is the supported method for perform updates with SuSE Linux.

Yum - RPM Manager

Yum is feature equivelent to the venerable up2date RPM Manager provided by Red Hat.  Red Hat has announced end of life support for up2date for general use. 
# yum check-update

# yum list \*php\*
  Setting up repositories
  updates-released          100% |=========================|  951 B    00:00
  extras                    100% |=========================| 1.1 kB    00:00
  base                      100% |=========================| 1.1 kB    00:00
  Reading repository metadata in from local files
  primary.xml.gz            100% |=========================| 429 kB    00:41
  updates-re: ################################################## 1197/1197
  Added 11 new packages, deleted 11 old in 25.55 seconds
  Available Packages
  mod_suphp.i386                           0.5.2-8.fc4            extras
  php.i386                                 5.0.4-10.5             updates-released
  php-Smarty.noarch                        2.6.10-2.fc4           extras
  php-xmlrpc.i386                          5.0.4-10.5             updates-released
  phpldapadmin.noarch                      extras
  syck-php.i386                            0.55-6.fc4             extras

Fedora Distribution Notes

When Red Hat Linux 9.0 official support ends in 2004, the only 'free RedHat-like' Linux with up2date support will be the Fedora distribution [ ].
up2date mirror sites
Hey! Give Red Hat servers a break and get your updates from lest congested servers.
rpm anomolies
Recent kernels may get out of step with rpm and make it difficult to perform system updates. It may be possible to regress what kernel calls should be used to launch programs.
# rpm -q rpm
rpmdb: unable to join the environment
error: db4 error(11) from dbenv->open: Resource temporarily unavailable
error: cannot open Packages index using db3 - Resource temporarily
unavailable (11)
error: cannot open Packages database in /var/lib/rpm
package rpm is not installed

Now it works when the following is done!!!!!

# rm /var/lib/rpm/__*

# export LD_ASSUME_KERNEL=2.2.5

# rpm -q rpm

Red Hat Distribution Notes

CentOS [ edit ]


For those who are comfortable using Red Hat Enterprise Linux (RHEL), but don't want to pay the fees for routine updates and support, CentOS is source code equivalent.  It's more stable than Rawhide and Fedora which are also based on the same source code

udev Confuses Network Settings after Cloning a Virtual Machine


It seems variants of Red Hat Enterprise Linux 6 can behave strangely after files are copied from an already working virtual machine file set.  The work around is simple, wipe away the cached values that udev uses and reboot.  Most hypervisors will change the MAC Address for a network interface when it notices a virtual machine has been copied, which for some reason RHEL6 is more sensitive to.

(as of 2014-03, the following seems only to apply for pre-CentOS 6)

# service network stop

# rm /etc/udev/rules.d/70-persistent-net.rules 

# rmmod vmxnet

# modprobe vmxnet

# shutdown -h now

Unsupported Hardware

rpm - command line software package management tool

Common command line arguments
rpm -qa     Show list of all rpm packages installed
rpm -qlp [file] Find out what is in an RPM before you install it
rpm -qp --scripts [file] View the install/un-install scripts associated with an RPM
rpm -ivh [file] 'you know, install it ...
rpm -e [file] 'erase'/uninstall it ...
rpm -K [file] check authentication signature (for geeks mostly)

RedHat Network


The rhnsd service provides ... stay tuned.

# service rhnsd status

  rhnsd (pid 6262) is running...

# chkconfig --list | grep rhn

  rhn-virtualization-host	0:off	1:off	2:on	3:on	4:on	5:on	6:off
  rhnsd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off

# rhn_check

Changing Host Name

Typically this requires editing /etc/sysconfig/network and rebooting.

$ cat /etc/sysconfig/network


Hostname is a somewhat abstract concept. By itself it is just a simple name used by the system internally. Classic example is the host identifier text of a shell prompt. Strictly speaking this value is not known by a system until it is set sometime after boot. Red Hat convention is to place fully qualified hostname ( value in /etc/sysconfig/network which is read early during system boot (changing this will only affect system after next boot). Another convention is to place the short hostname at the end of the /etc/hosts line for This is allows internal processes to access local resources using network connection protocols. Lastly, there is a system command called hostname. It is the key to retrieving and changing a system's internal hostname. Note: the hostname command specifically DOES NOT save any state for the next time the system boots.

Gnome is used instead of the desired desktop environment
(see X Windows)

Expert Install Mode
Even a simple install may require expert install mode if a SCSI controller or network card support is desired. Also, as of RedHat 6.X, the installer no longer allows full custom disk partitioning with fdisk unless you specify boot: expert text at install prompt and later indicate a full custom installation

Evil hosts file - the localhost entry in a hosts file should never contain the hostname, especailly if a fixed IP address is used. If it does, this can freak out other systems on the same network. If you need to declare your hostname in the hosts file, make a dedicated entry for it to you fixed IP address. This will allow NetBIOS, SaMBa, and other net browser protocals to properly resolve your system. For example ... localhost fredness mail
Version - determine which Red Hat distribution
cat /etc/redhat-release
/etc/passwd, /etc/group
$ man 5 passwd
Red Hat)