This is my "cheat sheet" for RedHat Linux systems.
Latest update 02 January 2005.
Note, some of these commands may not be available on
other systems, and some of the stuff is a bit old. I do
try to clean it out from time to time ...
When starting with Unix, there are a lot of new names, files,
and other things to remember. This file is a very condensed
listing of things that I used more than one time in setting
up my site. It is roughly listed by topic so that I can quickly
look up something with my editor rather than searching through
10 different books.
By the way, if you want a single book that has much of what is
presented here and a lot more in a Quick Reference format,
take a look at:
Linux in a Nutshell, Ellen Siever and the Staff of O'Reilly &
Associates, Inc, published by O'Reilly.
A good online resource that gives most of this information and more
can be found at: http://jgo.local.net/LinuxGuide/
Acrobat Reader:
If you don't have it, just download it from Adobe. There
is also a plugin, very useful, download it and drop it
into /usr/local/mozilla/plugins. It is in
/usr/local/Acrobat4/Browsers/intellinux/nppdf.so
For more see Netscape topic.
Apache:
To start, stop, ... Apache, use:
/etc/rc.d/init.d/httpd [start|stop|restart|reload|status]
You can read about its progress by issuing:
tail -f /var/log/httpd/error_log
Check new configuration rules in /etc/httpd/conf/xxx.conf with
httpd -t
restart Apache if dead:
/etc/rc.d/init.d/httpd restart
NOTE: if you add a virtual host, be sure to add a
/var/log/httpd/"virtual-host-name" directory for the
log and error_log or httpd will not start.
Be sure to run your Apache with a userid other than
root (User and Group in httpd.conf).
Boot:
See qemu below:
The boot process calls /etc/inittab to get going.
The level specified on the id line (id:5:initdefault)
is the initial boot level (the above, 5, being X11)
Your machine has rebooted and something important scrolled
off the screen? Well, type:
dmesg
The file /etc/rc.d/rc.sysinit is called once at boot
time. There are a number of interesting things in this
file.
In RH7.0 and greater sysctl is called in rc.sysinit
There are a lot of programs that are automatically started.
On RedHat systems, use chkconfig to manage these files
(files found in /etc/rc.d/init.d/"daemon-name"). See
Daemons below for more details on chkconfig.
Unlike Windows, you should only have to reboot Linux when you install
a new kernel, or as a simple precaution every six months or so. If
you find yourself rebooting for other reasons, you are probably doing
something wrong.
Customizing your boot. I add a single line to /etc/rc.d/rc.local
that simply invokes /etc/rc.d/my.rc.local, which contains
all my firewall rules, and things particular to my machine.
This means only a one line change every time I upgrade
the OS. More recently RedHat has added a /etc/sysconfig, which
contains the scripts for starting lots of services and for
customizing the services.
Boot disk:
See qemu below.
To make an emergency boot disk, find the name of the
Kernel with:
ls -l /boot
then put the name less vmlinuz- on the mkbootdisk line:
su
mkbootdisk --device /dev/fd0 2.2.17-14
See Disaster Recovery for how to use the boot disk.
It is VERY important to make a boot disk after each kernel
upgrade. Otherwise, you may find yourself booting with an
older system, and often many newer versions of programs
such as NFS and Samba will not work with prior versions of
the OS.
Note, this boot disk is not the same as an Install floppy.
Normally, you do not need an install floppy if you can boot
from a CDROM. If you cannot boot from a CDROM for some reason,
old machine, brain damaged Compaq bios, or whatever, you can
make one as follows:
mount the Installation CDROM
cd /mnt/cdrom/images
dd if=boot.img of=/dev/fd0 bs=1440k
Do not mount the floppy. After that, you will have your own
Installation floppy that can also be used as an emergency boot
disk.
CD, burning:
Using xcdroast, you must first configure it using the setup.
Under the tab "HD Settings", you give it the path to a directory
where you will put iso images.
Click "Create CD" then assuming you have an ISO image, click
"Write Tracks", then in the right window select the ISO image
to be burnt and click "Add". Then Click "Write tracks" tab and
verify if everything is as you want. Finally click on button
below the window "Write tracks". It will probably ask to insert
a CD, click OK, and away you should go.
Clever way to see who is calling a program, from the SourceForge
ipw2200 project:
My wireless settings keep being changed!
If you are trying to manually set wireless configuration
settings, you may find yourself fighting for control with your
specific distribution. If you aren't familiar with how your
distribution works, or what might be reconfiguring the wireless
tools, you can try the following:
% IWPATH=`dirname \`which iwconfig\``
% mv ${IWPATH}/iwconfig ${IWPATH}/iwconfig.bin
% cat > ${IWPATH}/iwconfig <<EOF
#!/bin/sh
date >> /tmp/iwconfig.log
ps --forest >> /tmp/iwconfig.log
echo "iwconfig \$*" >> /tmp/iwconfig.log
${IWPATH}/iwconfig.bin "\$@"
EOF
% chmod +x ${IWPATH}/iwconfig
NOTE: You must be root to perform the above. You can test that
the above is working:
% iwconfig
% cat /tmp/iwconfig.log
Tue Oct 5 14:04:51 CDT 2004
PID TTY TIME CMD
16409 pts/1 00:00:00 su
16410 pts/1 00:00:00 \_ bash
24762 pts/1 00:00:00 \_ iwconfig
24764 pts/1 00:00:00 \_ ps
Now, the next time you experience your distribution changing your
wireless configuration, check the contents of /tmp/iwconfig.log.
It will tell you when iwconfig was last executed, what the
arguments were, and what the processes are that were executing at
that time. From this you can typically determine which scripts
on your system are involved in managing your wireless devices.
To restore your system to the way it was:
% IWPATH=`dirname \`which iwconfig\``
% mv ${IWPATH}/iwconfig.bin ${IWPATH}/iwconfig
clock:
Make sure it is set correctly with correct link to timezone.
use the /usr/sbin/timeconfig command to set timezone.
Note, my Compaq CMOS does not work correctly with the
clock set to GMT (UTC) time, so I disabled it. The symptom
is that you are running, the clock is correct, you reboot
and everything is off an hour (or more depending where you
are). You can turn off UTC either with timeconfig or by
editing /etc/sysconfig/clock. On all my other machines, I
run with UTC time set.
You can set the Hardware Clock (BIOS, RTC, ...) by using
the program hwclock -- see the man pages.
E.g. to set the hardware clock to the current system time:
hwclock --systohc
If you set your clock to UTC (a good idea), then you must
have /etc/localtime set correctly to print local time.
Normally, you can just copy the appropriate file: e.g.
for me:
cp /usr/share/zoneinfo/Europe/Zurich /etc/localtime
or alternatively link it.
Clock, setting Time automatically (NTP):
started in /etc/rc.d/rc.local
Note, with RH 7.0, if you install the ntp RPM, there
will be a /etc/rc.d/init.d/ntpd file that you can
edit and then use chkconfig to make it start automatically.
look in /var/log/ntp for what is happening
note, it typically takes it 5 minutes to sync up
before it starts serving correct time.
see: www.eecis.udel.edu/~mills/ntp for more info
Note: the following command, if run as root, brutally
resets your clock:
rdate www.switch.ch
/etc/rc.d/init.d/ntpd start to start the NTP daemon
/etc/rc.d/init.d/ntpd stop to stop the NTP daemon
(in older systems it is called xntpd)
ntpdate -q www.switch.ch to see what would happen if we
attempted to sync to that site.
To check if NTP is running correctly, first do
ntpq -p
If it is synchronized, one of the entries
will have an asterisk (*) preceding its output line.
It prints something like the following:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l   46   64  377    0.000    0.000   0.000
*matou           bernina-rz-fddi  3 u   20   64  377    0.186   -0.227   0.004
In this case, ntp is synchronized to my server matou. The items to note are
delay and offset, both given in milliseconds. Delay is the TCP/IP time between
that site and here, and offset is the difference between the local clock and that
clock.
or from a machine on the local net:
ntpq -c peer lmatou
For more details, do as root
ntpq
pe
as
rv nnnn where nnnn is the assID of the server to which you
are synchronized. You will then get a slew of output.
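The "look for the asterisk, then read delay and offset" check described above can be scripted. This is an added example, not part of the original cheat sheet: it reads ntpq -p output on standard input and reports whether a real (non-local) peer is selected and within an offset limit. The function name ntp_sync_status and the limit are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). ntp_sync_status and the offset
# limit are assumptions for illustration; only standard awk is used.

# ntp_sync_status MAX_OFFSET_MS      (reads `ntpq -p` output on stdin)
# Returns 0 and prints "OK ..." when a system peer is selected, it is not the
# free-running local clock, and |offset| is within MAX_OFFSET_MS.
ntp_sync_status() {
    awk -v max="$1" '
        /^\*/ {                       # tally code "*" marks the system peer
            peer = substr($1, 2)
            delay = $(NF-2) + 0       # last three columns: delay offset jitter
            offset = $(NF-1) + 0
            found = 1
        }
        END {
            if (!found) { print "UNSYNCED no system peer"; exit 1 }
            if (peer ~ /^LOCAL/) { print "UNSYNCED only the local clock"; exit 1 }
            mag = (offset < 0) ? -offset : offset
            if (mag > max + 0) { print "DRIFT peer=" peer " offset=" offset; exit 1 }
            print "OK peer=" peer " delay=" delay " offset=" offset
        }'
}

# Sample input: the ntpq -p listing shown on this page.
NTPQ_SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l   46   64  377    0.000    0.000   0.000
*matou           bernina-rz-fddi  3 u   20   64  377    0.186   -0.227   0.004'

# Demo: accept up to 100 ms of offset.
printf '%s\n' "$NTPQ_SAMPLE" | ntp_sync_status 100
```

On a live system the input would come from "ntpq -p | ntp_sync_status 100", for example from cron.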
Note, once my ntpd is working correctly, I generally, as root,
do a: hwclock --systohc
Otherwise, my clock tends to be one hour off of the correct time
because of change of daylight savings time.
For more details on ntp see http://www.eecis.udel.edu/~ntp/
For stratum 2 clock servers see
http://www.eecis.udel.edu/~mills/ntp/clock2.htm
Note, you need to run NTP on all your systems, but only one should
access the external clock. All other machines should point to your
NTP server.
For getting NTP to work correctly on Windows XP, here is what John
Walker has to say about it:
Yesterday I upgraded my main development "laptop" from Windows Me to
XP Pro on the Windows side. Everything went quite smoothly, but
after the upgrade I discovered that the Dimension 4 program I've been
using for ages as a Windows NTP client didn't work and, according to
information I found on the Web, doesn't work with XP. Well, XP
includes its own NTP client ("Internet Time" under the time and date
applet -- control panel item), and it has no difficulty synchronising
with my local NTP server, but the default synchronisation interval is
*one week*, which is completely absurd, and there's no way to change
this from the applet. Today I decided to dig in the registry to see
if I could change the interval and, lo and behold, there's a key
called:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\
TimeProviders\NtpClient\SpecialPollInterval
which is set to 604800 (= 7 * 24 * 60 * 60), a week's worth of
seconds. I changed it to 900, and after manually forcing a resync,
it resyncs every 15 minutes. I might not use so small an interval
if talking to a public NTP server, but since it's my own local
server on Moby, why not? Moby synchronises from two public Stratum 2
servers and everybody else on the LAN gets their time from Moby.
One little note: I never could figure out how to get my NTP server
name into the list of servers in the NTP service dialogue box. Silly
me, simply type it into the edit box, click Apply, and test with
Synchronize Now.
Cups:
Printing:
Cups is the new Linux print spooler. Getting it to work with Windows
is documented in:
http://us1.samba.org/samba/docs/man/CUPS-printing.html
Daemons:
In general, each daemon has a script to start and
stop it in:
/etc/rc.d/init.d/"daemon" {start|stop}
if you don't know the daemon name, simply list the
directory. Some scripts have a {restart} option, but
I have found it unreliable, so I recommend explicitly
doing a stop, then a start.
If no script is available, for a "soft" restart by hand do:
ps fax | grep daemon
kill -HUP nnn
or to completely eliminate it:
kill -9 nnn
and
restart the daemon, but you must know the restart
options.
You can use chkconfig to modify automatic start/stop'ing
of daemons. For example, to eliminate the automatic start
on boot of Apache:
chkconfig --del httpd
to make it start at boot time:
chkconfig --add httpd
and to see at which levels it is on:
chkconfig --list httpd
the levels are defined inside the httpd script.
Devices/Drivers:
See man modprobe for manually loading kernel drivers.
RedHat 6.1 and later automatically detects new hardware
on boot and permits configuration.
See man MAKEDEV for description of device names.
cat /proc/devices for list of devices
cat /proc/modules for list of modules
cat /proc/cpuinfo for info on cpu
...
Also, you can lsmod to get a listing of which
modules are loaded. If you want to load additional
modules, use the insmod command.
On RedHat systems, the file /etc/sysconfig/hwconf contains
a list of all the hardware found on your system. Though
it doesn't have all the details of everything (e.g. it
lacks memory for the Video card), it does give a good
idea of what you've got, and what should be detected if
you are reloading the system (almost never done on Linux).
Disaster Recovery:
Well, perhaps one day your system will not boot because
something has been wiped out. In that case, boot using the boot
disk (or the CDROM if boot from CDROM is enabled).
Boot, then at the prompt, enter:
linux recovery
This will boot up from the recovery disk (or CD) and
put you into a mini-environment with a number of useful
tools including rpm. Your disks will be mounted under
/mnt/sysimage
First do a "df" to see what is mounted, then
look in /mnt/sysimage/etc/fstab to see what partitions
you had mounted where.
If you need to do an fsck, first unmount all the
/mnt/sysimage partitions, then do
fsck /dev/hda1
...
on all your partitions.
At this point, you can exit and reboot normally (hopefully).
If you must reload rpm's in this state, the RPM
binaries will be in /mnt/source/... if you booted from
the CD otherwise mount the CD.
rpm --root /mnt/sysimage -Uhv --force --nodeps package-name
will generally do the job. For installing a new boot,
do:
lilo -r /mnt/sysimage -v
If you do a lilo in recovery mode, I recommend that the first
thing you do after booting is:
cd /etc
lilo -v
to ensure that the lilo boot image is REALLY correctly installed
on your boot disk.
Oops. I have switched to grub, and it is much more complicated
to install than lilo. Look at the Disaster Recovery chapter of
the Bacula manual to see much more detailed information on this.
Disks:
Adding a new harddisk. First plug it in then reboot.
If all goes well, Linux will recognize it. If it is an
IDE device look in /proc/ide/hdx (where x is the new
drive letter -- the second one is usually c).
Partition the drive with cfdisk. Recommend:
Partition  Size  Flag      Usage
hdc1       60M   Primary   Boot or rescue partition
hdc2       xxxM  Swap      Swap partition (xxx is at least
                           twice memory size. This is not
                           needed if you already have a
                           swap file).
hdc5       yyyM  Logical   Anything you want
Now that hard disks are much bigger, I'm using the following
partitioning scheme:
Partition  Size  Flag      Usage
hda1       600M  Primary   /boot
hda2       5G    Primary   /
hda3       600M  Primary   Rescue (not yet used)
hda4             Extended
hda5       5G    Logical   /usr
hda6       xxxM  Swap      Swap partition (xxx is at least
                           twice memory size. This is not
                           needed if you already have a
                           swap file).
hda7       5G    Logical   /tmp
hda8       *     Logical   /home
Note, for a server, it is better to have a separate /var
directory. That way, if your email spool file fills, it will
not hang the machine. A 5G partition should be *more* than
enough.
Format the boot partition with:
mkfs -c -v /dev/hdc1
mkfs -c -v /dev/hdcn (where n are any other non-swap partitions
you created)
mkswap /dev/hdc2 format swap partition
Be sure to use the correct device names (partition numbers)
that were given by cfdisk.
See man swapon for turning on new swap partitions. Look in
/proc/swaps for what swap files you have.
Add the new partitions to /etc/fstab
mount any partitions you want mounted.
Making a partition on the loopback device:
dd if=/dev/zero of=/tmp/disk count=20480
mke2fs -q /tmp/disk
mkdir /mnt/loopback
mount -o loop=/dev/loop0 /tmp/disk /mnt/loopback
creates a 10MB disk partition.
Documentation:
To print a man page (unfortunately without pagenos):
man -t page | lpr
Documentation (online):
see /usr/share for directories of
mostly HTML documentation.
also /usr/share/doc
Many RPM installed packages put their documentation in
/usr/doc/"rpm-package-name"
Most programs now put their documentation in:
/usr/share/doc/"package-name"
DNS:
Domain Name Service. You need it if you want the world
to know who you are.
/etc/named.conf -- other files in /var/named
The resolve order is defined in /etc/host.conf
Well, unfortunately the good old nslookup no longer
works as it did before and is going to be deprecated.
The new way to find out about a domain is to use host
or dig. For dig here are a few examples:
dig @sibbald.com sibbald.com mx
print MX records from server sibbald.com for domain
sibbald.com.
dig sibbald.com any
print all records for sibbald.com.
dig @fourmilab.ch sibbald.com any
use server fourmilab.ch to print all info on sibbald.com
The server (@xxxx.yy) can be omitted and it will use
your default server.
look in /var/log/ ... for various files of error messages
and logs. messages is where DNS puts startup messages
/var/log/secure for security items
/etc/rc.d/init.d/named stop -- to stop DNS
/etc/rc.d/init.d/named start -- to start DNS
tail -30 /var/log/messages to see if DNS started correctly
last message should be:
named[nnn]: Ready to answer queries.
kill -SIGINT $(cat /var/run/named.pid) then look
in /var/named/named_dump.db to see the DNS dump
cd /var/named
dig @rs.internic.net . ns >root.cache.new
- make sure root.cache.new is good
cp root.cache.new root.cache
updates the root DNS cache. You should do this about once
a month. I don't do it with a script because now and then
the output from dig is garbage, which would trash my DNS.
Most common source of problems is that the Connection
timed out.
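The manual "make sure root.cache.new is good" step can be turned into a check that refuses garbage or timed-out dig output before it replaces root.cache. This is an added example, not part of the original cheat sheet; the function names, the 13-server minimum and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the output of
#   dig @rs.internic.net . ns > root.cache.new
# before it replaces root.cache. Function names and the default minimum of
# 13 servers are assumptions for illustration.

# validate_root_hints FILE [MIN_NS]   prints a verdict, returns 0 if usable
validate_root_hints() {
    vrh_file=$1
    vrh_min=${2:-13}
    [ -s "$vrh_file" ] || { echo "REJECT: $vrh_file is missing or empty"; return 1; }
    awk -v min="$vrh_min" '
        /connection timed out|no servers could be reached/ { why = "dig reported a timeout" }
        /status: / && !/status: NOERROR/                   { why = "bad response status" }
        $1 == "." && $3 == "IN" && $4 == "NS" {
            host = tolower($5)
            if (host ~ /^[a-m]\.root-servers\.net\.$/) ns[host] = 1
            else why = "unexpected NS target " host
        }
        $3 == "IN" && $4 == "A" && $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            addr[tolower($1)] = $5
        }
        END {
            for (h in ns) { n++; if (!(h in addr)) missing = missing " " h }
            if (why == "" && n < min)       why = "only " (n + 0) " root NS records, need " min
            if (why == "" && missing != "") why = "no A record for" missing
            if (why != "") { print "REJECT: " why; exit 1 }
            print "OK: " n " root servers with addresses"
        }' "$vrh_file"
}

# install_root_hints NEW CURRENT [MIN_NS]
# Replaces CURRENT only when NEW validates; keeps the old file as CURRENT.bak.
install_root_hints() {
    validate_root_hints "$1" "${3:-13}" || return 1
    if [ -f "$2" ]; then cp -p "$2" "$2.bak"; fi
    cp "$1" "$2"
}

# Constructed sample in dig's output layout. The addresses are documentation
# placeholders (192.0.2.0/24), not the real root server addresses.
sample_root_hints() {   # $1 = number of servers to emit (13 = complete)
    echo ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1"
    rh_n=0
    for rh_l in a b c d e f g h i j k l m; do
        rh_n=$((rh_n + 1))
        [ "$rh_n" -le "$1" ] || break
        printf '.\t518400\tIN\tNS\t%s.root-servers.net.\n' "$rh_l"
        printf '%s.root-servers.net.\t3600000\tIN\tA\t192.0.2.%d\n' "$rh_l" "$rh_n"
    done
}

# Demo: a complete answer passes, a truncated one is rejected.
rh_tmp=$(mktemp -d)
sample_root_hints 13 > "$rh_tmp/root.cache.new"
validate_root_hints "$rh_tmp/root.cache.new"
sample_root_hints 4 > "$rh_tmp/truncated"
validate_root_hints "$rh_tmp/truncated"
rm -rf "$rh_tmp"
```

In /var/named the call would be "install_root_hints root.cache.new root.cache", followed by a named restart only when it returns 0.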
Now running chrooted named:
#!/bin/sh
mkdir -p /chroot/named
cd /chroot/named
mkdir -p dev etc var/named var/run var/run/named
cp -p /etc/named.conf /chroot/named/etc/
cp -p /etc/rndc.key /chroot/named/etc
cp -a /var/named/* /chroot/named/var/named
chown -R named.named /chroot/named/etc /chroot/named/var/named /chroot/named/var/run
mknod /chroot/named/dev/null c 1 3
mknod /chroot/named/dev/random c 1 8
chmod 666 /chroot/named/dev/null /chroot/named/dev/random
cp /etc/localtime /chroot/named/etc
chown root /chroot
chmod 700 /chroot
chown named.named /chroot/named
chmod 700 /chroot/named
add -a /chroot/named/dev/log to "daemon syslogd" in /etc/init.d/syslog
(actually add to SYSLOGD_OPTIONS in /etc/sysconfig/syslog)
stop/start syslog
add -t /chroot/named -c /etc/named.conf to named invocation
(actually add ROOTDIR="/chroot/named" to /etc/sysconfig/named)
stop/start dns
Emulation:
See qemu below:
Evolution:
Was a super replacement for Outlook. After installing, make a copy
of ~/evolution in case something gets screwed up.
Then with version 2.4 upgrade it started crashing all the time.
I mean 3 or 4 times a day. I looked at the source code and realized
it is zillions of lines of complex code totally uncommented.
I gave up and switched to KDE and Kontact. It is not 100% trouble
free, but at least it works, and it is *much* faster than Evolution.
Also in looking at the source code Evolution is a mess.
Files:
Who is using what file: "lsof" (also shows sockets).
Make a new filesystem when installing a new hard disk: mkfs
Partition a disk: cfdisk, fdisk, sfdisk
Make a swap file: mkswap See Disks (above).
flash-plugin (Macromedia):
Create new repo:
==== /etc/yum.repos.d/macromedia.repo ===
[macromedia]
name=Macromedia for i386 Linux
baseurl=http://macromedia.rediris.es/rpm/
enabled=1
gpgcheck=1
gpgkey=http://macromedia.mplug.org/FEDORA-GPG-KEY
===
yum install flash-plugin
mkdir -p /usr/X11R6/lib/X11/fs/
ln -s /etc/X11/fs/config /usr/X11R6/lib/X11/fs/config
Graymilter:
From the author at: http://www.acme.com/software/graymilter/
Sendmail includes a facility for plugging in custom mail filters, called
milters. It's documented here. Graymilter uses this facility to implement
graylisting. This is an idea invented by Evan Harris in 2003. Basically,
the first time someone tries to send you mail, you send back a temporary
failure response. A real email system will put the mail into a queue and
re-try it later, at which time the address will have graduated from the
graylist to the whitelist, so the mail will get through. However, spam
engines and worms do not have real email systems. They are optimized for
sending out mass quantities of mail, and they generally do not implement
re-trying. Therefore mail from those sources will not get through.
I used version 1.26.
Check if MILTER is turned on in sendmail:
sendmail -d0.1 -bt < /dev/null | grep MILTER
Modify sendmail.mc
INPUT_MAIL_FILTER(`graymilter',`S=unix:/var/run/graymilter.sock, T=S:4m;R:4m')
Modify the /etc/init.d/sendmail script to include:
graymilter -initialwhitelist /etc/mail/milter-whitelist \
unix:/var/run/graymilter.sock
After installing it, see man graymilter
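The graylisting decision described in the quoted text above (temporary failure on first contact, acceptance on a later retry) can be modelled in a few lines. This is an added example, not part of the original cheat sheet and not graymilter's code; the function name graylist_decide, the state-file layout, keying on the sender's IP address and the timings are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original page, and not graymilter's code).
# graylist_decide, the state-file layout and the timings are assumptions.

# graylist_decide DB IP NOW [MIN_WAIT] [WINDOW]
#   DB       state file, one "ip first_seen state" record per line
#   NOW      current time in seconds (passed in so the logic is testable)
#   MIN_WAIT seconds a new sender must wait before a retry is accepted
#   WINDOW   seconds after which an unanswered gray entry starts over
# Prints the SMTP-style verdict: "451 ..." (temporary failure) or "250 ...".
graylist_decide() {
    gl_db=$1
    gl_tmp="$gl_db.new.$$"
    [ -f "$gl_db" ] || : > "$gl_db"
    awk -v ip="$2" -v now="$3" -v wait="${4:-300}" -v window="${5:-14400}" \
        -v out="$gl_tmp" '
        $1 != ip { print > out; next }        # other senders: copy unchanged
        {
            seen = 1; first = $2; state = $3; age = now - first
            if (state == "white")    verdict = "250 accept whitelisted"
            else if (age < wait)     verdict = "451 tempfail retry-too-soon"
            else if (age > window) { verdict = "451 tempfail first-contact"; first = now }
            else                   { verdict = "250 accept retry-ok"; state = "white" }
            print ip, first, state > out
        }
        END {
            if (!seen) {                      # never seen: record it and defer
                print ip, now, "gray" > out
                verdict = "451 tempfail first-contact"
            }
            print verdict
        }' "$gl_db" && mv "$gl_tmp" "$gl_db"
}

# Demo with constructed addresses and timestamps: deferred, then accepted.
gl_demo=$(mktemp)
graylist_decide "$gl_demo" 192.0.2.10 1000     # first contact
graylist_decide "$gl_demo" 192.0.2.10 1400     # retry after 400 s
rm -f "$gl_demo"
```

A sender that never retries stays "gray" and never delivers, which is the effect on non-queueing senders that the quoted description relies on.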
Hardware:
What hardware is connected to your PCI card?
lspci [-v]
KDE:
Much better as a desktop (IMO) than Gnome. See above under
Evolution for comments about Kontact.
Kernel building:
Load RedHat source kernel-source-.i386.rpm
cd /usr/src/linux-
make mrproper
Get a valid .config file.
make xconfig
make dep
make clean
make bzImage
make modules
make install
make modules_install
cd /etc
Update lilo.conf
lilo -v
(or nowadays grub)
Kernel Updating:
See: http://www.redhat.com/support/resources/howto/kernel-upgrade/
I recommend that you do "rpm -hiv kernel-xxx" rather than use the
-U option. This is because the -U option will remove your old
kernel. It is better to keep it and when you are sure the new
one is good, to remove it by hand using:
rpm -e old-kernel
NOTE: very important, if you boot from a SCSI disk,
you MUST make a new initrd-xx.img otherwise you may not be
able to boot.
Also, you need to update /etc/lilo.conf to contain the new
kernel name (obtained by ls -l /boot).
IMPORTANT: don't forget to do:
lilo
after updating /etc/lilo.conf. It is not done automatically.
If you are using grub, simply edit /boot/grub/grub.conf -- no
need to execute anything.
Be sure to ALWAYS make a backup boot disk for each version
of the kernel. See Boot Disk and Disaster Recovery.
If you are using grub as a boot loader (RH 7.2), edit
/boot/grub/grub.conf to change what is booted. No need to
update anything more than this file to get a new system
to boot (i.e. no equivalent to lilo).
Keyboard:
Assuming you use X, to remap keys, look at xmodmap.
E.g. xmodmap -e 'keycode 22=BackSpace'
It is usually called from .xinitrc
See the man pages for more info.
Got accents working on Linux. Rewrote us-latin1 keyboard file.
It is in /lib/kbd/keymaps/i386/qwerty/us-latin1.kmap.gz
You must put "us-latin1" in the /etc/sysconfig/keyboard file
as well as in /etc/X11/XF86Config file. Add
XkbLayout "us-latin1"
Logout of GNOME, then restart X with ctl-alt-backspace to get
new values loaded. If you know of a more gentle method,
please let me know.
man keymaps
man loadkeys
Under Gnome, everything changes, and in general, you set "us_intl"
in your xorg.conf file, then it uses the xmodmap keytable in
/usr/share/xmodmap/xmodmap.us_intl
Libraries:
Library directories automatically searched by the linker are
defined in /etc/ld.so.conf. I believe that these are for
dynamic libraries. In any case, you must run:
/sbin/ldconfig
after changing /etc/ld.so.conf in order to update
/etc/ld.so.cache, which is what the runtime loader (DLL loader)
ld.so uses to find dynamic libraries. A valid ld.so.conf
is:
/usr/lib
/usr/i486-linux-libc5/lib
/usr/X11R6/lib
/usr/kerberos/lib
/usr/lib/qt-1.45/lib
I watch the RedHat Advisory site fairly closely and frequently
update my system when there are security patches. I usually test
them on my development machine for a week or two before installing
them on my server. Until recently, I have never had any problems,
but it appears that one of the RedHat 7.0 update patches blasted
away my /etc/ld.so.cache and emptied my ld.so.conf file. The
perversity of this is that everything seems to run fine until you
need a "non-standard" dynamically linked library that is in a
non-standard location (not in /lib or /usr/lib). I ran into this in
trying to run smbclient, which I don't do very often. When you run
the program it simply says that it cannot find some weird named
library file like kerberos457xx.so.3
Well, the solution is to restore /etc/ld.so.conf (it is most likely
sitting in /etc/ld.so.conf.rpmsave), then as root do what is not
totally obvious, run:
/sbin/ldconfig
which rebuilds all the necessary links.
Some useful programs for dealing with libraries, objects, and
binary files:
ar - create an archive (i.e. library xxx.a file)
objdump - prints info on object file
strings - print all strings in a binary file
nm - list the symbol table of an object file
ldd - list shared libraries needed by binary file
strip - strip symbol table and debug from a binary file
Mounting CDROMS and Diskettes:
use the X application: usermount
you must have appropriate entries in /etc/fstab
that permit users to mount the cdrom.
CDROMs are now automatically mounted on RedHat systems
running Gnome.
Mozilla Mail:
It tends to get out of sync. For example, my Sent folder has
problems (sending mail gets error attempting to save sent mail).
Delete /home/kern/.mozilla/kern/7ntf5xfn.slt/ImapMail/ImapMail/lmatou
corrects the problem.
I've now totally converted to Evolution. It was great until version
2.0.2.
For more see Netscape topic.
Network:
ping {known site with name in hosts} - first line of testing
/etc/rc.d/init.d/inet restart to restart network.
Note, inet is now replaced by xinetd in RH 7.2 and later.
look in /etc/xinetd for the configuration files.
/etc/rc.d/init.d/network stop/start
ifconfig to examine ethernet cards
route to see the routes
netstat to see status of a lot of stuff. "netstat -vat" for
a little info, and "netstat -an" for a lot.
To see the other computers that yours is talking directly to.
i.e. ethernet card to ethernet card connections.
arp -vn -a
tcpdump to watch traffic.
tcpdump -ip eth1 to watch on ethernet 1
be sure to use p option so that device is not
left in promiscuous mode.
To remove promiscuous mode:
ifconfig eth1 -promisc
be sure to have full hostname in /etc/hosts
e.g. 192.168.xx.xx machine2 machine2.sibbald.com
Netscape:
Mozilla:
Galeon:
Note, I no longer use Netscape, though it is
loaded on my machine. I use Galeon and occasionally
Mozilla. (Mozilla must be loaded for Galeon to work).
Plugins: http://wp.netscape.com/plugins/index.html
For me, Mozilla is loaded in /usr/local/mozilla
To make plugins work, just drop the .so into
/usr/local/mozilla/plugins. Mozilla is required
for a number of packages such as Galeon, so even if
you use only galeon, you must load Mozilla. I have
never been able to get the RedHat rpms to work the
way I want, so I move them to another directory
they are located in /usr/lib/mozilla.
Loading a new copy of Mozilla:
- download Mozilla from www.mozilla.org (current
version is 1.1 as of 3 Nov 2002).
- Detar it producing mozilla-installer.
- If you haven't already, save your old version:
mv /usr/local/mozilla /usr/local/mozilla-1.x
- cd mozilla-installer
- ./mozilla-installer
- Answer a few dialogs (license, ...) until install
setup dialog appears.
- Important, choose Custom installation !!!!
If you really want you can change the installation
directory. I use the default. This prevents
it from being wiped out by a RedHat Mozilla during
upgrade.
- If you have a previous version, it will tell you.
Simply click Delete.
- Now select components you want. The only two I
load are Navigator and Personal Security Manager.
Without Personal Security Manager (nss I think),
you cannot access https (ssl) pages.
- You can setup a profile if you want, I don't use it.
- Now, important, recopy your plugins from your old
version to the new one, since there is nothing in
the new one. E.g. during upgrade from 1.0 to 1.1
I did:
cd /usr/local
cp -a mozilla-1.0/plugins mozilla/
To get java working. I downloaded Sun Java 2 and
copied the whole java2 directory to
/usr/mozilla/plugins. Then I
cd /usr/mozilla/plugins
ln -s /usr/local/mozilla/plugins/java2/plugin/i386/ns600/libjavaplugin_oji.so libjavaplugin_oji.so
plugger is probably the most useful plugin. See:
http://fredrik.hubbe.net/plugger.html His README
gives the necessary steps to make it work. I did
the "global" install.
Plugins. Download them from the Netscape plugin
library and place them in /usr/local/mozilla/plugins.
See: http://wp.netscape.com/plugins/index.html
NOTE. Everything is now in /usr/lib/mozilla-1.0.1 This apparently
depends on whether you install directly or use some mozilla.rpm.
If you want a better browser download Mozilla from
www.mozilla.org and install it (I have been unable to
properly install any rpm so do it from the .bin). Then
get Galeon from galeon.sourceforge.org. Galeon is the
best. Getting the Java plugin to work is a bit of a
pain. I think I finally accomplished it by launching
Galeon as root, clicking on a site that required
Java then letting it do the fetch and install. I pointed
it to my mozilla directory /usr/local/mozilla. Watch out
/usr/local/mozilla is the default directory for installation
with the .bin release (which is what I use). The rpm
will install it in /usr/lib/mozilla and this can cause confusion.
If you want the best Email program (a knockoff of Outlook)
get Evolution from www.ximian.org. I wouldn't use anything
else! If you install mozilla from the .bin rather than from
an rpm, you will need to do a --nodeps on installation of
Galeon and Evolution, but BE CAREFUL to do so only if
mozilla is the only missing dependency AND you have already
loaded the .bin. In that case, everything works fine.
Installing new galeon. rpm -Uhv galeon-1.2.5.rpm --nodeps
Setting galeon as the default browser, RHEL 3.0,
Preferences->Preferred Applications->Web Browser
Set Command: galeon --new-tab --noraise "%s"
NFS:
You must setup /etc/exports to be able to export volumes
to be mounted by NFS.
Also, the NFS daemon must be running.
See /etc/rc.d/init.d/nfs
Finally, the portmap service must be running.
See /etc/rc.d/init.d/portmap
To see what services another system is running, enter:
rpcinfo -p "system"
You will probably get something like:
rpcinfo -p matou
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100021 1 udp 1024 nlockmgr
100021 3 udp 1024 nlockmgr
100024 1 udp 1025 status
100024 1 tcp 1024 status
100011 1 udp 760 rquotad
100011 2 udp 760 rquotad
100005 1 udp 1029 mountd
100005 1 tcp 1025 mountd
100005 2 udp 1029 mountd
100005 2 tcp 1025 mountd
100003 2 udp 2049 nfs
Much of NFS has been moved into a kernel module in
2.4.x kernels.
Palm Pilot:
I use the gnome-pilot applet to synchronize with Evolution.
One day, it stopped. This went on for months and months, until
*finally* I realized that something had reset the permissions
of /dev/ttyS0. You either need to make it world read/write or
change the owner to yourself (or both as I did). Too bad the
silly program doesn't report this!
Passwords:
If you haven't already turned on shadow passwords, you should.
pwconv turns on shadow passwords, and
pwunconv turns off shadow passwords. The equivalents for groups
are
grpconv and
grpunconv
see: man pwconv for more information.
pwck checks the password files for inconsistencies.
Look at /etc/login.defs for parameters that determine required
password length, expiration period etc.
A lot of connections/passwords/authorizations are run through PAM,
which for configuration purposes is beyond me. However, the control
or configuration files reside in /etc/pam.d If you are having remote
login (or Samba) problems, you might check there.
PCI:
lspci -v shows what hardware is connected to your pci card.
pdf viewers:
ggv -- nice for printing only a few pages
xpdf
acroread
Performance:
There are quite a few performance management tools (see the man
pages for details on the programs listed below):
Network:
netstat
Open files:
lsof
Trace a program's system calls:
strace
Trace a program's library calls:
ltrace (on Sun systems this seems to be truss)
Virtual memory (and other resources):
vmstat
top
free
CPU and IO usage:
iostat
Shared memory usage:
ipcs
Perl:
An interpreted language very useful for writing CGI programs.
To find perl modules:
perl -MCPAN -e shell
h
Example: find and install Gnome module:
cpan> m /Gnome/
Module GNOME::GNORBA (O/OT/OTAYLOR/GNOME-GNORBA-0.1.0.tar.gz)
Module GNOME::GOAD (O/OT/OTAYLOR/GNOME-GNORBA-0.1.0.tar.gz)
Module Gnome (K/KJ/KJALB/Gtk-Perl-0.7000.tar.gz)
Module Graphics::Simple::GnomeCanvas (L/LU/LUKKA/Graphics-Simple-0.04.tar.gz)
cpan> install Gnome
Running make for K/KJ/KJALB/Gtk-Perl-0.7000.tar.gz
Fetching with Net::FTP:
ftp://ftp.demon.co.uk/pub/mirrors/perl/CPAN/authors/id/K/KJ/KJALB/Gtk-Perl-0.7000.tar.gz
According to Simon Cozens: (cool)
Perl modules have too many well-kept secrets, and it's not your fault
you don't know about this one: "perldoc perllocal" will tell you all
the modules you have installed.
CPAN stores all the tar files it downloads in ~root/.cpan/sources/authors
Use: "o conf init" at the cpan prompt to reconfigure.
PGP:
Pretty good privacy. Also known as GNUPG or gpg on Linux systems.
To correspond with people in the US, you must get the latest version
of gnupg (I'm using 1.0.7) and add the idea.c cipher -- not so easy
to do even if you can find the code.
"gpg --version" tells you what ciphers, ... that you have.
Options used by Evolution in calling gpg:
--verbose --no-secmem-warning --no-greeting --yes --batch --armor -r xxx@yyy.com --output - --encrypt
where xxx@yyy.com is the recipient address. You need to feed this
to gpg to ensure that it works. If it says bad address, it is because you
have not set the key trust. To do so, use the command line interface.
gpg --edit-key xxx@yyy.com
trust
5 (for ultimate)
save
setting it to 4 or less will not work!
Get a copy of gpa, which is a Windowing (Gtk+) version of the
key manager.
To search for a key, look it up on www.keyserver.net
Once you know the keyid, use:
gpg --keyserver www.keyserver.net --recv-keys keyid
or
gpg --keyserver pgp.mit.edu --recv-keys keyid
to retrieve the key. keyid is typically an 8 digit hex number.
Printer:
Configure network printer using control panel. Used printer
exported from minimatou (Win32 machine). Chose HP DeskJet 550,...
3 Normal color; Fix stair-step; fast text printing. This works
great for the Epson Stylus Color series also (I have a 740 model).
A4. Apparently, Linuxconf works pretty well now (RedHat 6.1).
I haven't tried it lately.
See Cups above.
Problems:
All my CPU time was being consumed. The first time, I rebooted
the machine. The second time, I got a bit smarter and ran "top".
Don't try to run it in the background as it is a "curses" type
program. Top displays the programs that are using the most CPU.
I had two control-panels running, each consuming 48% of the CPU
(this was in RH 5.2).
Process:
Run "top" to see who is doing what.
Run "ps fax" to see the parent child relationship.
To see more information run "ps -uax"
last gives the last connections that were made to the
machine.
look in /var/log/messages for boot messages.
gtop is a nice graphical version of top.
qemu:
A very fast simulation program that allows you to boot anything
on your computer. I used it for rapid development of the Bacula rescue
cdrom:
qemu -cdrom bootcd.iso
boots the bootcd.iso image. It runs extremely fast.
Rdist:
A program to synchronize files on two different computers.
Using ssh:
rdist -f list -P /bin/ssh -p /usr/sbin/rdistd -F
# add -D for copious debug output
contents of list
HOSTS = ( other machine )
FILES = ( /home )
( ${FILES} ) -> ( ${HOSTS} )
install /home ;
notify root ;
In most cases if you can do an NFS mount, I find:
cp -rpudf "source" "destination"
to work equally well (much simpler too).
Rsync:
Apparently a faster way to synchronize files than
rdist. It transfers only differences.
RPM packages:
gnorpm& for Gnome RPM interface. I still prefer to do it by
hand.
use:
for maximum info including file locations use -vv
rpm -ivvh "package"
to install a package. If you load the sources from disk 2
they go in /usr/src/redhat/SOURCES
to query a package:
rpm -qip package
to query a package and list all files:
rpm -qipl package
to see if a package is loaded:
rpm -q "package-base-name-with-version" (e.g. samba)
to find out what package a file belongs to:
rpm -qf "file"
to update an existing package or install new one with a new version:
rpm -hUv package
to update an existing package with a new version (requires package
to already be installed! -- great option)
rpm -Fhv package
to list all packages installed:
rpm -qa
to get rid of an installed package that has dependencies (normally
so it can be reloaded):
rpm --erase --nodeps --allmatches package
Important: install rpmfind and rpm2html!
after installing a new rpm run rpm2html
Under RH 7.0 and greater I have not been able to make
these two programs work. Too bad as they are REALLY
nice.
check package MD5 integrity before installing with:
rpm -K --nogpg *.rpm
PGP or MD5 in caps means it is not OK. Lower case
is good.
To check the integrity of your files versus the RPM database,
run:
rpm -Va
or for a single package use:
rpm -V "package"
Codes: c -> config file; . -> test passed; ? -> no test
Failures because of differences
5 MD5 sum error
S File size difference
L Symlink
T Mtime
D Device
U User
G Group
M Mode (permissions and file type)
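A way to triage rpm -Va output using the codes above, so that a changed binary or a changed mode/owner stands out from routine config edits. This is an added example, not part of the original cheat sheet; the severity labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Triage "rpm -Va" / "rpm -V package" output read on stdin.
# Line format: <flags> [c|d|g|l|r] <path>   or   missing [c] <path>
# Severity labels (ALERT/REVIEW/CHECK/NOTE) are this example's own convention.
triage_rpm_verify() {
    awk '
    function add(r) { reasons = (reasons == "" ? r : reasons "," r) }
    {
        slash = index($0, "/")
        if (slash == 0) next                  # no path on this line
        path = substr($0, slash)              # keeps paths that contain spaces
        if ($1 == "missing") { print "ALERT\tmissing\t" path; next }

        flags = $1                            # 8 chars (9 on newer rpm, extra P)
        if (length(flags) < 8 || flags !~ /^[SM5DLUGTP.?]+$/) next
        kind = ($2 ~ /^[cdglr]$/) ? $2 : "-"  # c marks a config file

        rest = flags; gsub(/[T.]/, "", rest)
        if (rest == "") next                  # only the mtime differs

        reasons = ""; sev = "NOTE"
        if (index(flags, "5")) {              # file content differs
            if (kind == "c") { add("config-content"); sev = "REVIEW" }
            else             { add("content");        sev = "ALERT" }
        }
        if (flags ~ /[MUG]/) {                # mode, user or group differs
            add("mode-or-owner"); sev = "ALERT"
        }
        if (reasons == "" && index(flags, "?")) { add("untested"); sev = "CHECK" }
        if (reasons == "") add("other:" rest) # S, L or D alone
        print sev "\t" reasons "\t" path
    }'
}

# Constructed sample, shaped like rpm -Va output (not taken from a real system).
sample_rpm_verify() {
    cat <<'EOF'
S.5....T c /etc/httpd/conf/httpd.conf
.......T   /usr/share/doc/samba/README
S.5....T   /bin/login
.M...UG.   /usr/bin/passwd
missing    /etc/cron.daily/tmpwatch
..?.....   /etc/shadow
EOF
}

sample_rpm_verify | triage_rpm_verify
# On a live system: rpm -Va | triage_rpm_verify
```

The database that rpm -V compares against lives on the same machine, so a clean result is only as trustworthy as that database.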
To rebuild the database. Needed from time to time (once a year) to
cleanup the database, or if it is terribly slow, or if rpm seems to
hang:
rpm --rebuilddb
See above under libraries if you have linking problems after
installing new RPMs.
Samba:
Samba allows access of Win32 (with smbmount) files and allows Win32
to mount Linux file systems.
To stop samba: /etc/rc.d/init.d/smb stop
to start samba: /etc/rc.d/init.d/smb start
to check:
smbclient -L "hostname"
look in /var/log/samba/log.smb and /log.nmb for problems.
I needed to define /etc/lmhosts
Note: with RH7.0, the Samba configuration files now are in
/etc/samba rather than /etc except smbpasswd which is in
/etc/smbpasswd.
You can even access a Linux CDROM on a Win32 machine:
smbmount //win32host/CDROM /mnt/cdrom
amazing!
SCSI boot:
I don't particularly like SCSI disks, but some installations do
have them and boot from them. As noted under Kernel update, you
must be careful to have initrd.xxx.img available when booting.
Another problem is adding an IDE disk. After doing so, Linux will
want to boot from the IDE disk rather than from the SCSI disk, so
*before* adding an IDE disk, modify your boot setup as follows:
lilo add to /etc/lilo.conf:
disk=/dev/sda
bios=0x80
disk = /dev/hda
bios=0x81
grub add to /boot/grub/device.map
(hd0) /dev/sda
I've tried the lilo change and it works, but I haven't tried
the grub change.
sendmail:
be sure to set a fully qualified hostname
such as matou.sibbald.com into
/etc/HOSTNAME
otherwise sendmail will start slowly trying
to figure out what is the correct domain.
sendmail -bt -d0.4 </dev/null
for compile options and system names
Make sure your domain names and subdomain names are
correct. This means to either have them defined
in DNS, or as I do have them defined in hosts.
However, in hosts, be sure to have fully qualified
name:
192.168.1.1 name name.sibbald.com
To restart sendmail
/etc/rc.d/init.d/sendmail restart {start|stop|restart|status}
Take the time to learn how to generate a sendmail.cf
file from a sendmail.mc (using m4). It is really easy.
This is the ONLY way to go. No more editing sendmail.cf.
Here is my sendmail.mc file:
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`Matou MTA')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`localmatou')
dnl #
define(`confSMTP_LOGIN_MSG', `$j Matou MTA/2.0; $b')dnl
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
dnl define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `goaway,authwarnings,novrfy,noexpn,restrictmailq,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
define(`confTO_QUEUEWARN', `4h')dnl
define(`confTO_QUEUERETURN', `5d')dnl
define(`confQUEUE_LA', `1000')dnl
define(`confREFUSE_LA', `2000')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
dnl # reduce spam
FEATURE(`dnsbl', `dnsbl.njabl.org', `Rejected spammer $&{client_addr} -- see http://njabl.org/')dnl
FEATURE(`dnsbl', `relays.ordb.org', `Rejected spammer $&{client_addr} -- see http://ordb.org/')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `Rejected spammer $&{client_addr} -- see http://spamhaus.org/sbl/')dnl
FEATURE(dnsbl, `opm.blitzed.org', `Rejected spammer $&{client_addr} -- see http://www.blitzed.org/opm/')dnl
dnl #
dnl INPUT_MAIL_FILTER(`Xspf-milter', `S=local:/var/spf-milter/spf-milter.sock, T=C:4m;S:4m;R:8m;E:16m')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # Limit the MSA to the loopback
dnl #
DAEMON_OPTIONS(`Name=MSA, Port=587, Addr=127.0.0.1, M=E')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`sibbald.com')dnl
FEATURE(`allmasquerade')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
On any internal machines that forward mail to the main mail hub, the
"SMART_HOST" line is enabled. Please note that the local-host-names
in /etc/mail on the internal machines MUST be empty or the mail will
be delivered locally despite the SMART_HOST tag being defined.
To check that the anti-spam rule (the last one sbl.spamhaus.org)
is working, try (no need to bring down sendmail or be root):
m4 /etc/sendmail.mc >/etc/sendmail.cf
sendmail -bt -C /etc/sendmail.cf
.D{client_addr}127.0.0.2
Basic_check_relay <>
ctl-D -- to get out of sendmail
should get back something like:
Basic_check_rela input: < >
Basic_check_rela returns: $# error $@ 5 . 7 . 1 $: Rejected spammer 127 . 0 . 0 . 2 -- see http : / / spamhaus . org / sbl /
If you get back:
Basic_check_rela input: < >
Basic_check_rela returns: OKSOFAR
it is not working.
Note, the 127.0.0.2 is simply an IP address that is guaranteed to
be in the spam list of the site you are using. It allows testing
of your rules. You may need to replace the 127.0.0.2 with another test
address depending on the site you are using. For example, the US
version of spamhaus uses 127.0.0.6 as the test bad address.
To check if relays.ordb.org is working, just send an email to
ask-block-test@null.dk The response that you get will be
clear.
If you want to see what is going on with sendmail use:
mail -v <address>
or
sendmail -v -t
To: name@site.com
From: name@site.com
Subject: test mail
Test mail
.
to test if sendmail relays or not (an open relay is VERY bad)
telnet <site> 25
ehlo site.com
mail from:name@site.com
rcpt to:xxxx@yyyy.com
data
test
.
Also, after the ehlo command, try the following and ensure
that they are rejected:
vrfy root
expn all
To receive email on another machine, you will normally
need to have a POP3 and/or IMAP server running. See inetd.conf.
If you have problems connecting from Outlook, Microsoft
provides no way to debug what is happening (at least
not documented for users). You can test the POP3 connection
by logging in from Telnet:
telnet <site> 110
USER your-email-account
PASS xxxx
If you host multiple domains as I do, be sure to put the
domain names in /etc/sendmail.cw. For example, my file
looks like the following:
# sendmail.cw - include all aliases for your machine here.
# this is now in /etc/mail/local-host-names
sibbald.com
fatou.sibbald.com
sibbald.ch
Finally, if you have other machines on your local network that
send and receive email, be sure to put the appropriate definitions
in /etc/mail/access to allow "relaying" for example:
# Check the /usr/doc/sendmail-8.9.3/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/doc/sendmail-8.9.3/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
192.168.0 RELAY
Serial ports:
They are normally /dev/ttyS0, ...
To get more information try:
setserial -a /dev/ttyS0
Shared Memory:
Apcupsd and some other programs use shared memory. To see
the system's idea of what is allocated, use:
ipcs
SSH:
Install ssh for secure transfer of data. A bit complicated.
There is now an OpenSSH project. Don't allow root login
or password authentication if you want reasonable security.
If possible, use only SSH 2 protocol.
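One way to check an sshd_config against the three recommendations above (an added example, not part of the original notes). The function names are this example's own, and the defaults used for unset keywords are an assumption matching old OpenSSH releases of this page's era; current releases differ.

```shell
#!/bin/sh
# Check an sshd_config against: no root login, no password authentication,
# SSH protocol 2 only.
# Assumed defaults for unset keywords (old OpenSSH releases; current releases
# differ): PermitRootLogin yes, PasswordAuthentication yes, Protocol 2,1.

# Print the effective global value of a keyword. sshd keeps the first
# occurrence and treats keywords case-insensitively.
sshd_value() {   # $1 = file, $2 = keyword, $3 = default when unset
    awk -v key="$2" -v dflt="$3" '
        NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines, comments
        { sub(/[ \t]*=[ \t]*/, " ") }                 # accept "Keyword=value"
        tolower($1) == "match" { exit }               # conditional blocks not handled
        tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : dflt) }
    ' "$1"
}

# Print one FAIL line per weak setting; return 0 only when all three pass.
audit_sshd_config() {   # $1 = path to sshd_config
    rc=0
    root=$(sshd_value "$1" PermitRootLogin yes)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    proto=$(sshd_value "$1" Protocol 2,1)
    [ "$root" = no ]  || { echo "FAIL PermitRootLogin=$root (want no)"; rc=1; }
    [ "$pass" = no ]  || { echo "FAIL PasswordAuthentication=$pass (want no)"; rc=1; }
    [ "$proto" = 2 ]  || { echo "FAIL Protocol=$proto (want 2)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $1"
    return "$rc"
}

# Demo on two constructed configs (not from a real host).
demo_sshd_audit() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# weak' 'Protocol 2,1' 'PermitRootLogin yes' > "$dir/weak"
    printf '%s\n' 'Protocol 2' 'PermitRootLogin no' \
        'PasswordAuthentication no' > "$dir/hardened"
    audit_sshd_config "$dir/weak" || true
    audit_sshd_config "$dir/hardened" || true
    rm -rf "$dir"
}

demo_sshd_audit
# On a live system: audit_sshd_config /etc/ssh/sshd_config
```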
Connecting OpenSSH with the commercial SSH Communications
Security Ltd ssh. To OpenSSH from SSH CS Ltd, on the SSH CS
machine, generate keypair (or use an existing key pair):
ssh-keygen2 -P -o xxx
Modify ~/.ssh2/identification to have
IdKey xxx
Make sure xxx and xxx.pub have -rw------- permissions (600).
Transfer xxx.pub to the OpenSSH machine preferably with
cut and paste over a secure line.
On OpenSSH machine run: ssh-keygen -i -f xxx.pub >yyy
Add the contents of yyy to your .ssh/authorized_keys2
file. It is a single line, but you can add some
identification to the end of the line separated by a
space, if you wish.
You should now be able to login to your OpenSSH machine
from your CS machine.
Connecting from OpenSSH to SSH CS Ltd, on the OpenSSH
machine, generate a keypair (or use existing pair):
cd ~/.ssh
ssh-keygen -t dsa -f id_dsa
Convert the key to SSH CS Ltd format:
ssh-keygen -e -f id_dsa.pub >zzz.pub
Transfer zzz.pub to the SSH CS Ltd machine preferably with
cut and paste over a secure line.
On the SSH CS machine, modify ~/.ssh2/authorization to have:
Key zzz.pub
Make sure all permissions of all files are 600.
You should now be able to login to the SSH CS machine
from your OpenSSH machine.
Note, SSH CS Ltd programs are really quite poor. For example,
after creating the keypair without a password, there appears
to be no way to add a password. Boohiss. OpenSSH provides
this capability making key exchange/management much
easier. Bravo.
System call tracing (strace):
See Performance:
System installation/upgrade: (RedHat) -- see Upgrading below ...
To check what really happened during install/upgrade,
look at the rpm log file in /tmp/upgrade.log
To make a emergency boot disk (RedHat 6.1 upgrade did not
do so by default):
uname -a
(it prints: Linux polymatou 2.2.12-20 #1 ....)
put floppy in drive
mkbootdisk 2.2.12-20
System logging:
/etc/syslog.conf -- configures logs
most logs are in /var/log/xxxx
to restart after changing config file
kill -HUP $(cat /var/run/syslogd.pid)
Tape drives:
/dev/nst0 for first non-rewinding scsi drive. If something
hangs, try:
ps -eo cmd,wchan
ps -eo fname,tty,pid,stat,pcpu,wchan
ps -eo pid,stat,pcpu,nwchan,wchan=WIDE-WCHAN-COLUMN -o args
To be able to use tape drives on new kernels, one needs
to enable udev. For my setup, I have added:
/etc/udev/rules.d/40-kerns.rules
===
# Devices used by Kern
KERNEL=="hiddev*", NAME="usb/hiddev%n"
KERNEL=="ttyS*", OWNER="kern",GROUP="uucp", MODE="0660"
KERNEL=="st*", OWNER="kern",GROUP="disk", MODE="0640"
KERNEL=="sg*", OWNER="kern",GROUP="disk", MODE="0640"
KERNEL=="nst*", OWNER="kern",GROUP="disk", MODE="0640"
===
terminal:
tic (terminfo compiler)
infocmp xterm -- prints terminfo entry for xterm
terminfo compiled entries are in /usr/share/terminfo/x/xterm
Updates:
See: http://oss.redundant.com/pub/party-updates/
for older RedHat updates.
X11:
ctl-alt-backspace kills the X server. Normally you
won't need this, and it is not advisable as Gnome
will not save its setup and may even lose some
panel applets, but if everything freezes (especially
if trying to run a java applet) try ctl-alt-backspace
before rebooting.
Xconfigurator doesn't seem to be on RHEL 3.0 systems.
When in trouble, modify /etc/inittab so that Linux
starts in level 3. Then when logged into root do
startx 2>1 1>1
If the screen is messed up, enter ctl-alt-backspace
and examine the error messages in file 1.
Run Xconfigurator to configure your display.
It puts the output in /etc/X11/XF86Config
You can then do:
telinit 3
and
telinit 5
To reset the X11 system.
If running with xdm then in home directory
.wm_config has the name of the window manager
to run. It can be: AfterStep, WindowMaker,
Fvwm95, or Mwm. Under RedHat 6.0, use GNOME, or
possibly KDE.
see /etc/X11/xinit/xinitrc and Xclients for
details.
xset to display screen things that can
be set e.g. the screen saver.
xset q to query screen state.
/etc/X11/xinit/Xclients is startup if you
do not have ~/.Xclients see /etc/X11/xinit/xinitrc
xiterm is an international terminal emulator that has
a smaller memory footprint because it does not have
the Tektronix code. Nice options for starting are:
xiterm -sl 1000 -geometry 80X60
Highlighting characters causes them to be transferred into
the copy buffer (sort of clipboard). Clicking the middle
button (or on a 2 button mouse, the two buttons
simultaneously) causes the characters to be pasted.
/etc/X11/xdm/Xservers (add other machines on local net)
/etc/X11/xdm/xdm-config (add other machines on local net)
/etc/X11/xdm/Xaccess (add machines to %hostlist)
%hostlist machine1 machine2 ...
To be able to connect with an xdmcp session from another
machine, you need to set Enable=1 in the [xdmcp] section
of /etc/X11/gdm/gdm.conf also, you must add the machine
name in the [servers] section.
If you are running GNOME, try adding:
"remote-machine-name":0=/usr/bin/X11/X
to the list of [servers] in /etc/X11/gdm/gdm.conf
Adding new hosts to the list of hosts permitted to access X
on your system can be done with the xhost program.
See "man xhost"
I don't use Windows much any more, but *many* years ago,
here are a couple of things I used.
I use the Windows X-Win32 Version 5.0 from StarNet (www.starnet.com)
to access the GUI interface of my Linux machines. It is commercial,
not very expensive, and a very good program.
I use SecureCRT version 3.1 by Van Dyke Technologies, Inc
(www.vandyke.com) to access my Linux machines
in terminal mode (this is my normal way of accessing them). On the
Linux end, I use OpenSSH OpenSSH_2.2.0p1, protocol versions 1.5/2.0
to provide the secure connection. SecureCRT is
commercial software, very nice, and not very expensive.
Upgrading: How I keep my system up to date.
Update:
Upgrade:
If you want, you can sign up for RedHat service. From what I see, it
is really cool, but you have to pay for it. I strongly recommend against
automatic updating of your system as Microsoft does. This leads to
instability.
Before any system upgrade, save the following files:
/etc/hosts
/etc/passwd
/etc/group
/etc/shadow
/etc/fstab
/etc/modules.conf
/etc/exports
/etc/sendmail.mc
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0, 1, ...
and the following directories (or the important parts)
/etc/mail
/etc/httpd/conf
/etc/samba
/etc/mtab (not really necessary)
output from df
/etc/X11/XF86Config
output from rpm -qa
Actually, I now make a full copy of /etc someplace in my
/home directory. This means that all the above directories
and files are available.
Make a hardcopy or printout of:
Your Horiz and Vert frequencies from /etc/X11/XF86Config as well
as your Driver type, depth and resolution (e.g. 1280X1024).
The output of df so you know what partitions you have
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0, 1, ...
The first five can simply be copied over any changed file after the
update, the others can be used to figure out what is going on or what
needs to be changed.
Personal files needed:
Galeon/Netscape bookmarks
Local Sent mail folder
.gnupg directory
.bash*
.rpmmacros
.rpmrc
.cvsrc
.ssh directory
.galeon (bookmarks, possibly save as)
.gftp (bookmarks)
Here is how to handle upgrading "by hand" but in a way that you
keep control over what you do. You are assumed to be root.
1. cd /root
2. The first time you are doing this, and only the first time, do:
rpm -qa >installed-packages.txt
3. mv installed-packages.txt installed-packages.txt.date
where date is something like 30Aug02. Why? You now have
a snapshot of what you had before you make any changes. You
can easily back-out only the changes you made.
4. Define a place to keep ALL rpm Updates to your system. I
use /home/src/RedHat7.3 (where the 7.3 changes for each OS upgrade
as I sometimes have different OSes on different systems).
In this directory, make a subdirectory named "installed".
5. Using gftp download ALL RedHat updates. For example, for
7.3, you will find them at various mirrors and on RedHat.
6. You may now apply the updates individually, partially, or all at
once with something like:
rpm -Fhv *.rpm
7. After you apply a package move it to the installed subdirectory.
Any packages that you do not install, you should also move to that
directory.
8. You may not want to include your kernel in step 6. I prefer to do
an "rpm -ihv kernel..." on my kernel and then later when I am sure
the new kernel boots correctly, I do an "rpm -e kernel-xxx" on the
OLD kernel to get rid of it. If you use the -F option, it will
replace your old kernel with the new one. This is OK 99.9% of the
time, but ...
9. cd /root
10. If you haven't done step 3, do it now. Then do
rpm -qa >installed-packages.txt
Now the next time you need to do an update, it is easy.
- Do step 3 above
- Run gftp, in the local window cd to your installed directory containing
all previous packages (installed or not). Click on the "Tools" menu
item and select "Compare Windows". cd up one level in your local window
to /home/src/RedHat7.3. Click on the left arrow to transfer all new
packages since your last update into your RedHat7.3 directory,
then go to step 6 above (apply the updates you want and move them
into the installed subdirectory). So you now have a little mini-version
tracking system that you run manually for full control. You are always
sure that you have applied all the updates, and if not, you can
quickly check. The big "trick" or help is the "Compare Windows" option
of gftp.
up2date:
yum:
Two complementary methods for downloading and installing new rpms
on your system. I particularly like yum.
Conf files: up2date: /etc/sysconfig/rhn/sources
yum: /etc/yum.conf
Downloads: up2date: /var/spool/up2date
yum: /var/cache/yum/updates-released/packages