This is my "cheat sheet" for RedHat Linux systems.
Latest update 02 January 2005.

Note, some of these commands may not be available on
other systems, and some of the stuff is a bit old. I do
try to clean it out from time to time ...

When starting with Unix, there are a lot of new names, files, 
and other things to remember. This file is a very condensed 
listing of things that I used more than one time in setting 
up my site. It is roughly listed by topic so that I can quickly 
look up something with my editor rather than searching through 
10 different books.

By the way, if you want a single book that has much of what is
presented here and a lot more in a Quick Reference format, 
take a look at:

    Linux in a Nutshell, Ellen Siever and the Staff of O'Reilly &
                          Associates, Inc, published by O'Reilly.

A good online resource that gives most of this information and more
can be found at: http://jgo.local.net/LinuxGuide/

Acrobat Reader:
   If you don't have it, just download it from Adobe. There
   is also a plugin, very useful, download it and drop it
   into /usr/local/mozilla/plugins. It is in  
   /usr/local/Acrobat4/Browsers/intellinux/nppdf.so
   For more see Netscape topic.

Apache:
   To start, stop, ... Apache, use:
       /etc/rc.d/init.d/httpd [start|stop|restart|reload|status]
   You can read about its progress by issuing: 
       tail -f /var/log/httpd/error_log
   Check new configuration rules in /etc/httpd/conf/xxx.conf with
       httpd -t
   restart Apache if dead:
       /etc/rc.d/init.d/httpd restart
    NOTE: if you add a virtual host, be sure to add a
       /var/log/httpd/"virtual-host-name" directory for the
       log and error_log or httpd will not start.
    Be sure to run your Apache with a userid other than
       root (User and Group in httpd.conf).

Boot:
   See qemu below:

   The boot process calls /etc/inittab to get going.
   The level specified on the id line (id:5:initdefault)
   is the initial boot level (the above, 5, being X11)

   Your machine has rebooted and something important scrolled
   off the screen?  Well, type:

     dmesg
    
   The file /etc/rc.d/rc.sysinit is called once at boot
   time. There are a number of interesting things in this
   file.
  
   In RH7.0 and greater sysctl is called in rc.sysinit

   There are a lot of programs that are automatically started.
   On RedHat systems, use chkconfig to manage these files
   (files found in /etc/rc.d/init.d/"daemon-name"). See
   Daemons below for more details on chkconfig.

   Unlike Windows, you should only have to reboot Linux when you install
   a new kernel, or as a simple precaution every six months or so.  If
   you find yourself rebooting for other reasons, you are probably doing
   something wrong.

   Customizing your boot. I add a single line to /etc/rc.d/rc.local
   that simply invokes /etc/rc.d/my.rc.local, which contains
   all my firewall rules, and things particular to my machine.
   This means only a one line change every time I upgrade
   the OS. More recently RedHat has added a /etc/sysconfig, which 
   contains the scripts for starting lots of services and for 
   customizing the services.

Boot disk:      
   See qemu below.

   To make an emergency boot disk, find the name of the
   Kernel with:
          
     ls -l /boot

   then put the name less vmlinuz- on the mkbootdisk line:

     su
     mkbootdisk --device /dev/fd0 2.2.17-14

   See Disaster Recovery for how to use the boot disk.

   It is VERY important to make a boot disk after each kernel
   upgrade. Otherwise, you may find yourself booting with an
   older system, and often many newer versions of programs
   such as NFS and Samba will not work with prior versions of
   the OS.

   Note, this boot disk is not the same as an Install floppy.
   Normally, you do not need an install floppy if you can boot
   from a CDROM. If you cannot boot from a CDROM for some reason,
   old machine, brain damaged Compaq bios, or whatever, you can
   make one as follows:

    mount the Installation CDROM
    cd /mnt/cdrom/images
    dd if=boot.img of=/dev/fd0 bs=1440k

   Do not mount the floppy.  After that, you will have your own
   Installation floppy that can also be used as an emergency boot
   disk.

CD, burning:
   Using xcdroast, you must first configure it using the setup.
   Under the tab "HD Settings", you give it the path to a directory
   where you will put iso images.

   Click "Create CD" then assuming you have an ISO image, click
   "Write Tracks", then in the right window select the ISO image
   to be burnt and click "Add". Then Click "Write tracks" tab and
   verify if everything is as you want. Finally click on button
   below the window "Write tracks". It will probably ask to insert
   a CD, click OK, and away you should go.

Clever way to see who is calling a program, from the SourceForge
 ipw2200 project:
   My wireless settings keep being changed!
   If you are trying to manually set wireless configuration
   settings, you may find yourself fighting for control with your
   specific distribution.  If you aren't familiar with how your
   distribution works, or what might be reconfiguring the wireless
   tools, you can try the following:

   % IWPATH=`dirname \`which iwconfig\``
   % mv ${IWPATH}/iwconfig ${IWPATH}/iwconfig.bin
   % cat > ${IWPATH}/iwconfig <<EOF
   #!/bin/sh
   # Log the time, the calling process tree and the arguments,
   # then run the real binary with the same arguments.
   date >> /tmp/iwconfig.log
   ps --forest >> /tmp/iwconfig.log
   echo "iwconfig \$*" >> /tmp/iwconfig.log
   ${IWPATH}/iwconfig.bin "\$@"
   EOF
   % chmod +x ${IWPATH}/iwconfig

   NOTE: You must be root to perform the above.  You can test that
   the above is working:

   % iwconfig
   % cat /tmp/iwconfig.log
   Tue Oct  5 14:04:51 CDT 2004
     PID TTY         TIME CMD
     16409 pts/1   00:00:00 su
     16410 pts/1   00:00:00  \_ bash
     24762 pts/1   00:00:00      \_ iwconfig
     24764 pts/1   00:00:00          \_ ps

   Now, the next time you experience your distribution changing your
   wireless configuration, check the contents of /tmp/iwconfig.log.
   It will tell you when iwconfig was last executed, what the
   arguments were, and what the processes are that were executing at
   that time.  From this you can typically determine which scripts
   on your system are involved in managing your wireless devices.
   To restore your system to the way it was:

   % IWPATH=`dirname \`which iwconfig\``
   % mv ${IWPATH}/iwconfig.bin ${IWPATH}/iwconfig


     
clock:
   Make sure it is set correctly with correct link to timezone.
   use the /usr/sbin/timeconfig command to set timezone.
   Note, my Compaq CMOS does not work correctly with the
   clock set to GMT (UTC) time, so I disabled it. The symptom
   is that you are running, the clock is correct, you reboot
   and everything is off an hour (or more depending where you 
   are). You can turn off UTC either with timeconfig or by
   editing /etc/sysconfig/clock.  On all my other machines, I
   run with UTC time set.

   You can set the Hardware Clock (BIOS, RTC, ...) by using
   the program hwclock -- see the man pages.
   E.g. to set the hardware clock to the current system time:
      hwclock --systohc

   If you set your clock to UTC (a good idea), then you must
   have /etc/localtime set correctly to print local time.
   Normally, you can just copy the appropriate file:  e.g. 
   for me:

      cp /usr/share/zoneinfo/Europe/Zurich /etc/localtime

   or alternatively link it.
 
Clock, setting Time automatically (NTP):
   started in /etc/rc.d/rc.local
   Note, with RH 7.0, if you install the ntp RPM, there
      will be a /etc/rc.d/init.d/ntpd file that you can
      edit and then use chkconfig to make it start automatically.

   look in /var/log/ntp for what is happening
   note, it typically takes ntpd 5 minutes to sync up
   before it starts serving correct time.
   see: www.eecis.udel.edu/~mills/ntp for more info

   Note: the following command, if run as root, brutally
   resets your clock:
      rdate www.switch.ch 
   
   /etc/rc.d/init.d/ntpd start    to start the NTP daemon
   /etc/rc.d/init.d/ntpd stop     to stop the NTP daemon
     (in older systems it is called xntpd)

   ntpdate -q www.switch.ch   to see what would happen if we
     attempted to sync to that site.

   To check if NTP is running correctly, first do
      ntpq -p   if it is synchronized, one of the entries
      will have an asterisk (*) preceding its output line.
      It prints something like the following:
            remote           refid      st t when poll reach   delay   offset  jitter
       ==============================================================================
        LOCAL(0)        LOCAL(0)        10 l   46   64  377    0.000    0.000   0.000
       *matou           bernina-rz-fddi  3 u   20   64  377    0.186   -0.227   0.004
       
      In this case, ntp is synchronized to my server matou. The items to note are
      delay and offset, both given in milliseconds. Delay is the TCP/IP time between
      that site and here, and offset is the difference between the local clock and that
      clock.

   or from a machine on the local net:

   ntpq -c peer lmatou
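
   The check described above (look for the asterisk, then read the
   offset column) can be automated. This is an added example, not part
   of the original cheat sheet; the function names, exit codes and the
   100 ms default limit are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): decide from `ntpq -p` output
# whether this host is synchronized. The 100 ms default limit is an assumption.
# Intended use:  ntpq -p | ntp_sync_check 50 || echo "clock not in sync"

# ntp_sync_check [MAX_OFFSET_MS]   (reads ntpq -p output on stdin)
# Prints "<peer> <offset_ms>" for the selected (*) peer.
# Returns 0 = in sync, 1 = offset too large, 2 = no selected peer,
#         3 = selected peer has reach 0 (no recent replies).
ntp_sync_check() {
    awk -v max="${1:-100}" '
        /^\*/ && NF >= 10 {
            peer = substr($1, 2)   # strip the leading asterisk
            reach = $7             # octal bitmap of the last 8 polls
            off = $9 + 0           # offset column, milliseconds
            found = 1
        }
        END {
            if (!found) { print "no selected peer"; exit 2 }
            print peer, off
            if (reach + 0 == 0) exit 3
            if (off < 0) off = -off
            exit (off > max ? 1 : 0)
        }'
}

# The two peer lines printed on this page.
page_sample() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l   46   64  377    0.000    0.000   0.000
*matou           bernina-rz-fddi  3 u   20   64  377    0.186   -0.227   0.004
EOF
}

# Constructed sample: server configured but never reached, nothing selected.
unsynced_sample() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 matou           .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Demo on both samples.
for s in page_sample unsynced_sample; do
    if out=$($s | ntp_sync_check 50); then
        echo "$s: in sync ($out)"
    else
        echo "$s: NOT in sync ($out)"
    fi
done
```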

   For more details, do as root
      ntpq
      pe
      as
      rv nnnn where nnnn is the assID of the server to which you
        are synchronized.  You will then get a slew of output.

   Note, once my ntpd is working correctly, I generally, as root,
   do a:  hwclock --systohc
   Otherwise, my clock tends to be one hour off of the correct time
   because of change of daylight savings time.

   For more details on ntp see http://www.eecis.udel.edu/~ntp/
   For stratum 2 clock servers see 
      http://www.eecis.udel.edu/~mills/ntp/clock2.htm

   Note, you need to run NTP on all your systems, but only one should 
   access the external clock. All other machines should point to your
   NTP server.                

   For getting NTP to work correctly on Windows XP, here is what John
   Walker has to say about it:

   Yesterday I upgraded my main development "laptop" from Windows Me to
   XP Pro on the Windows side.  Everything went quite smoothly, but
   after the upgrade I discovered that the Dimension 4 program I've been
   using for ages as a Windows NTP client didn't work and, according to
   information I found on the Web, doesn't work with XP.  Well, XP
   includes its own NTP client ("Internet Time" under the time and date
   applet -- control panel item), and it has no difficulty synchronising
   with my local NTP server, but the default synchronisation interval is
   *one week*, which is completely absurd, and there's no way to change
   this from the applet.  Today I decided to dig in the registry to see
   if I could change the interval and, lo and behold, there's a key
   called:

   \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\
    TimeProviders\NtpClient\SpecialPollInterval

   which is set to 604800 (= 7 * 24 * 60 * 60), a week's worth of
   seconds.  I changed it to 900, and after manually forcing a resync,
   it resyncs every 15 minutes.  I might not use so small an interval
   if talking to a public NTP server, but since it's my own local
   server on Moby, why not?  Moby synchronises from two public Stratum 2
   servers and everybody else on the LAN gets their time from Moby.

   One little note: I never could figure out how to get my NTP server 
   name into the list of servers in the NTP service dialogue box. Silly
   me, simply type it into the edit box, click Apply, and test with
   Synchronize Now.

Cups:
Printing:
   Cups is the new Linux print spooler.  Getting it to work with Windows
   is documented in:
   http://us1.samba.org/samba/docs/man/CUPS-printing.html
 
Daemons:
   In general, each daemon has a script to start and
   stop it in:
     /etc/rc.d/init.d/"daemon" {start|stop}
   if you don't know the daemon name, simply list the
   directory. Some scripts have a {restart} option, but
   I have found it unreliable, so I recommend to explicitly
   do a stop, then a start.
   If no script is available, for a "soft" restart by hand do:
      ps fax | grep daemon
      kill -HUP nnn
   or to completely eliminate it:
      kill -9 nnn
   and
      restart the daemon, but you must know the restart
      options.
   
   You can use chkconfig to modify automatic start/stop'ing
   of daemons.  For example, to eliminate the automatic start
   on boot of Apache:

       chkconfig --del httpd

   to make it start at boot time:

       chkconfig --add httpd

   and to see at which levels it is on:

       chkconfig --list httpd

   the levels are defined inside the httpd script.
  
Devices/Drivers:
   See man modprobe for manually loading kernel drivers.
   RedHat 6.1 and later automatically detects new hardware 
   on boot and permits configuration.
   See man MAKEDEV for description of device names.
   cat /proc/devices   for list of devices
   cat /proc/modules   for list of modules
   cat /proc/cpuinfo   for info on cpu
   ...

   Also, you can lsmod to get a listing of which
   modules are loaded. If you want to load additional
   modules, use the insmod command.

   On RedHat systems, the file /etc/sysconfig/hwconf contains
   a list of all the hardware found on your system. Though 
   it doesn't have all the details of everything (e.g. it
   lacks memory for the Video card), it does give a good
   idea of what you've got, and what should be detected if
   you are reloading the system (almost never done on Linux).
  
Disaster Recovery:
   Well, perhaps one day your system will not boot because
   something has been wiped out.  In that case, boot using the
   boot disk (or the CDROM if boot from CDROM is enabled),
   then at the prompt, enter:

   linux recovery

   This will boot up from the recovery disk (or CD) and
   put you into a mini-environment with a number of useful
   tools including rpm.  Your disks will be mounted under
   /mnt/sysimage

   First do a "df" to see what is mounted, then
   look in /mnt/sysimage/etc/fstab to see what partitions
   you had mounted where.

   If you need to do an fsck, first unmount all the
   /mnt/sysimage partitions, then do 

   fsck /dev/hda1   
   ...
   on all your partitions.
   At this point, you can exit and reboot normally (hopefully).

   If you must reload rpm's in this state, the RPM
   binaries will be in /mnt/source/... if you booted from
   the CD otherwise mount the CD.

   rpm --root /mnt/sysimage -Uhv --force --nodeps package-name

   will generally do the job.  For installing a new boot,
   do:

   lilo -r /mnt/sysimage -v

   If you do a lilo in recovery mode, I recommend that the first
   thing you do after booting is:

   cd /etc
   lilo -v

   to ensure that the lilo boot image is REALLY correctly installed
   on your boot disk.

   Oops. I have switched to grub, and it is much more complicated
   to install than lilo. Look at the Disaster Recovery chapter of
   the Bacula manual to see much more detailed information on this.

Disks:
   Adding a new harddisk. First plug it in then reboot. 
   If all goes well, Linux will recognize it.  If it is an
   IDE device look in /proc/ide/hdx (where x is the new
   drive letter -- the second one is usually c).

   Partition the drive with cfdisk. Recommend:
     Partition   Size  Flag      Usage
       hdc1      60M   Primary   Boot or rescue partition
       hdc2     xxxM   Swap      Swap partition (xxx is at least
                                   twice memory size. This is not
                                   needed if you already have a
                                   swap file).
       hdc5     yyyM   Logical   Anything you want

   Now that hard disks are much bigger, I'm using the following
   partitioning scheme:
     Partition   Size  Flag      Usage
       hda1     600M   Primary   /boot
       hda2       5G   Primary   /
       hda3     600M   Primary   Rescue (not yet used)
       hda4            Extended
       hda5       5G   Logical   /usr
       hda6     xxxM   Swap      Swap partition (xxx is at least
                                   twice memory size. This is not
                                   needed if you already have a
                                   swap file).
       hda7       5G   Logical   /tmp
       hda8        *   Logical   /home


   Note, for a server, it is better to have a separate /var     
   directory. That way, if your email spool file fills, it will
   not hang the machine. A 5G partition should be *more* than 
   enough.

   Format the boot partition with:

    mkfs -c -v /dev/hdc1
    mkfs -c -v /dev/hdcn  (where n are any other non-swap partitions
                           you created)
    mkswap /dev/hdc2      format swap partition
     
   Be sure to use the correct device names (partition numbers)
   that were given by cfdisk.

   See man swapon for turning on new swap partitions. Look in
   /proc/swaps for what swap files you have.

   Add the new partitions to /etc/fstab          
   mount any partitions you want mounted.

   Making a partition on the loopback device:
   dd if=/dev/zero of=/tmp/disk count=20480
   mke2fs -q /tmp/disk
   mkdir /mnt/loopback
   mount -o loop=/dev/loop0 /tmp/disk /mnt/loopback

   creates a 10MB disk partition.

Documentation:
   To print a man page (unfortunately without page numbers):
        man -t page | lpr

Documentation (online):
   see /usr/share for directories of 
   mostly HTML documentation.
   also /usr/share/doc
   Many RPM installed packages put their documentation in
     /usr/doc/"rpm-package-name"
   Most programs now put their documentation in:
     /usr/share/doc/"package-name"

DNS:
   Domain Name Service. You need it if you want the world
   to know who you are.
   /etc/named.conf -- other files in /var/named

   The resolve order is defined in /etc/host.conf 

   Well, unfortunately the good old nslookup no longer
   works as it did before and is going to be deprecated.

   The new way to find out about a domain is to use host
   or dig.  For dig here are a few examples:

   dig @sibbald.com sibbald.com mx
     print MX records from server sibbald.com for domain
     sibbald.com.

   dig sibbald.com any
     print all records for sibbald.com.

   dig @fourmilab.ch sibbald.com any 
     use server fourmilab.ch to print all info on sibbald.com

   The server (@xxxx.yy) can be omitted and it will use
   your default server.
   
   look in /var/log/ ... for various files of error messages
   and logs.  messages is where DNS puts startup messages
   /var/log/secure for security items


   /etc/rc.d/init.d/named stop -- to stop DNS
   /etc/rc.d/init.d/named start -- to start DNS

   tail -30 /var/log/messages to see if DNS started correctly
          last message should be:
          named[nnn]: Ready to answer queries.

   kill -SIGINT $(cat /var/run/named.pid) then look
   in /var/named/named_dump.db to see the DNS dump

   cd /var/named
   dig @rs.internic.net . ns >root.cache.new
   - make sure root.cache.new is good 
   cp root.cache.new root.cache
   updates the root DNS cache. You should do this about once
   a month. I don't do it with a script because now and then
   the output from dig is garbage, which would trash my DNS.
   Most common source of problems is that the Connection
   timed out. 
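
   The manual "make sure root.cache.new is good" step can be scripted so
   that a timed-out or garbled dig answer never replaces the live file.
   This is an added example, not part of the original cheat sheet; the
   function names, the minimum record count and the sample files are
   assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): validate root.cache.new
# before it replaces root.cache. Function names and MIN are assumptions.
# Intended use:
#   dig @rs.internic.net . ns > root.cache.new &&
#       install_root_hints root.cache.new root.cache

# check_root_hints FILE [MIN]: return 0 if FILE looks like a complete
# "dig . ns" answer with at least MIN root NS records (default 13).
check_root_hints() {
    f=$1; min=${2:-13}
    [ -s "$f" ] || { echo "reject: $f is empty or missing" >&2; return 1; }
    if grep -qi 'connection timed out' "$f"; then
        echo "reject: dig timed out" >&2; return 1
    fi
    grep -q 'status: NOERROR' "$f" ||
        { echo "reject: no NOERROR status line" >&2; return 1; }
    # Every non-comment line must be an NS record for "." or an A/AAAA
    # record; anything else counts as garbage. Each NS target needs an address.
    awk -v min="$min" '
        NF == 0 || /^;/ { next }
        $1 == "." && $3 == "IN" && $4 == "NS" { ns[tolower($5)] = 1; n++; next }
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") { addr[tolower($1)] = 1; next }
        { printf("reject: unexpected line %d: %s\n", NR, $0) > "/dev/stderr"; bad = 1 }
        END {
            if (bad) exit 1
            if (n + 0 < min + 0) {
                printf("reject: %d NS records, need %d\n", n, min) > "/dev/stderr"
                exit 1
            }
            for (s in ns) if (!(s in addr)) {
                printf("reject: no address for %s\n", s) > "/dev/stderr"
                exit 1
            }
        }' "$f"
}

# install_root_hints NEW CURRENT [MIN]: replace CURRENT only if NEW validates.
# The previous file is kept as CURRENT.bak so a bad update can be rolled back.
install_root_hints() {
    new=$1; cur=$2
    check_root_hints "$new" "${3:-13}" || return 1
    [ ! -f "$cur" ] || cp -p "$cur" "$cur.bak" || return 1
    mv "$new" "$cur"
}

# write_samples DIR: constructed inputs (shortened to 3 servers, addresses
# from the 192.0.2.0/24 documentation range), not real dig captures.
write_samples() {
    cat > "$1/good.txt" <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; ANSWER SECTION:
.                       518400  IN  NS  a.root-servers.net.
.                       518400  IN  NS  b.root-servers.net.
.                       518400  IN  NS  c.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     3600000 IN  A   192.0.2.1
b.root-servers.net.     3600000 IN  A   192.0.2.2
c.root-servers.net.     3600000 IN  A   192.0.2.3
EOF
    printf '%s\n' ';; connection timed out; no servers could be reached' \
        > "$1/timeout.txt"
    # Garbled answer: the last record was cut off mid-line.
    sed '$d' "$1/good.txt" > "$1/garbage.txt"
    printf 'c.root-servers.net.\t36000' >> "$1/garbage.txt"
}

# Demo on the constructed files (MIN lowered to 3 to match the samples).
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for s in good timeout garbage; do
    if check_root_hints "$demo_dir/$s.txt" 3; then
        echo "$s: accepted"
    else
        echo "$s: rejected"
    fi
done
rm -rf "$demo_dir"
```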

   Now running chrooted named:

   #!/bin/sh
   mkdir -p /chroot/named
   cd /chroot/named
   mkdir -p dev etc var/named var/run var/run/named
   cp -p /etc/named.conf /chroot/named/etc/
   cp -p /etc/rndc.key /chroot/named/etc
   cp -a /var/named/* /chroot/named/var/named
   chown -R named.named /chroot/named/etc /chroot/named/var/named /chroot/named/var/run
   mknod /chroot/named/dev/null c 1 3
   mknod /chroot/named/dev/random c 1 8
   chmod 666 /chroot/named/dev/null /chroot/named/dev/random
   cp /etc/localtime /chroot/named/etc
   chown root /chroot
   chmod 700 /chroot
   chown named.named /chroot/named
   chmod 700 /chroot/named

   add -a /chroot/named/dev/log to "daemon syslogd" in /etc/init.d/syslog
   (actually add to SYSLOGD_OPTIONS in /etc/sysconfig/syslog)
   stop/start syslog
   add -t /chroot/named -c /etc/named.conf to named invocation
   (actually add ROOTDIR="/chroot/named" to /etc/sysconfig/named)
   stop/start dns

Emulation:
   See qemu below:

Evolution:
   Was a super replacement for Outlook. After installing, make a copy
   of ~/evolution in case something gets screwed up.

   Then with version 2.4 upgrade it started crashing all the time.
   I mean 3 or 4 times a day.  I looked at the source code and realized
   it is zillions of lines of complex code totally uncommented.

   I gave up and switched to KDE and Kontact.  It is not 100% trouble
   free, but at least it works, and it is *much* faster than Evolution.

   Also in looking at the source code Evolution is a mess.

Files: 
   Who is using what file: "lsof" (also shows sockets).

   Make a new filesystem when installing a new hard disk: mkfs
   Partition a disk: cfdisk, fdisk, sfdisk
   Make a swap file: mkswap   See Disks (above).

flash-plugin (Macromedia):
   Create new repo:
   ==== /etc/yum.repos.d/macromedia.repo ===
   [macromedia]
   name=Macromedia for i386 Linux
   baseurl=http://macromedia.rediris.es/rpm/
   enabled=1
   gpgcheck=1
   gpgkey=http://macromedia.mplug.org/FEDORA-GPG-KEY
   ===

   yum install flash-plugin
   mkdir -p /usr/X11R6/lib/X11/fs/
   ln -s /etc/X11/fs/config /usr/X11R6/lib/X11/fs/config

Graymilter:
   From the author at: http://www.acme.com/software/graymilter/

   Sendmail includes a facility for plugging in custom mail filters, called
   milters.  It's documented here.  Graymilter uses this facility to implement
   graylisting.  This is an idea invented by Evan Harris in 2003.  Basically,
   the first time someone tries to send you mail, you send back a temporary
   failure response.  A real email system will put the mail into a queue and
   re-try it later, at which time the address will have graduated from the
   graylist to the whitelist, so the mail will get through.  However, spam
   engines and worms do not have real email systems.  They are optimized for
   sending out mass quantities of mail, and they generally do not implement
   re-trying.  Therefore mail from those sources will not get through.

   I used version 1.26.
   Check if MILTER is turned on in sendmail:
     sendmail -d0.1 -bt < /dev/null | grep MILTER
   Modify sendmail.mc
     INPUT_MAIL_FILTER(`graymilter',`S=unix:/var/run/graymilter.sock, T=S:4m;R:4m')
   Modify the /etc/init.d/sendmail script to include:
     graymilter -initialwhitelist /etc/mail/milter-whitelist \
         unix:/var/run/graymilter.sock
   After installing it, see man graymilter

Hardware:
   What hardware is connected to your PCI bus?

     lspci [-v]

KDE:
   Much better as a desktop (IMO) than Gnome.  See above under
   Evolution for comments about Kontact.

Kernel building:
   Load RedHat source kernel-source-.i386.rpm 

   cd /usr/src/linux-
   make mrproper
   Get a valid .config file.
   make xconfig
   make dep
   make clean
   make bzImage
   make modules
   make install
   make modules_install
   cd /etc
   Update lilo.conf 
   lilo -v
   (or nowadays grub)

Kernel Updating:
   See: http://www.redhat.com/support/resources/howto/kernel-upgrade/
   I recommend that you do "rpm -hiv kernel-xxx" rather than use the
   -U option. This is because the -U option will remove your old
   kernel. It is better to keep it and when you are sure the new
   one is good, to remove it by hand using:

     rpm -e old-kernel

   NOTE: very important, if you boot from a SCSI disk,
   you MUST make a new initrd-xx.img otherwise you may not be
   able to boot.

   Also, you need to update /etc/lilo.conf to contain the new
   kernel name (obtained by ls -l /boot).
   IMPORTANT: don't forget to do:

     lilo

   after updating /etc/lilo.conf. It is not done automatically.

   If you are using grub, simply edit /boot/grub/grub.conf -- no
   need to execute anything.
     
   Be sure to ALWAYS make a backup boot disk for each version
   of the kernel. See Boot Disk and Disaster Recovery.

   If you are using grub as a boot loader (RH 7.2), edit
   /boot/grub/grub.conf to change what is booted. No need to
   update anything more than this file to get a new system
   to boot (i.e. no equivalent to lilo).
     
Keyboard:
   Assuming you use X, to remap keys, look at xmodmap.
   E.g. xmodmap -e 'keycode 22=BackSpace' 
   It is usually called from .xinitrc   
   See the man pages for more info. 

   Got accents working on Linux. Rewrote us-latin1 keyboard file.
   It is in /lib/kbd/keymaps/i386/qwerty/us-latin1.kmap.gz
   You must put "us-latin1" in the /etc/sysconfig/keyboard file 
   as well as in /etc/X11/XF86Config file. Add
     XkbLayout "us-latin1" 

   Logout of GNOME, then restart X with ctl-alt-backspace to get
   new values loaded. If you know of a more gentle method,
   please let me know.

   man keymaps
   man loadkeys

   Under Gnome, everything changes, and in general, you set "us_intl"
   in your xorg.conf file, then it uses the xmodmap keytable in
   /usr/share/xmodmap/xmodmap.us_intl

Libraries:
   Library directories automatically searched by the linker are
   defined in /etc/ld.so.conf. I believe that these are for
   dynamic libraries. In any case, you must run:

     /sbin/ldconfig

   after changing /etc/ld.so.conf in order to update 
   /etc/ld.so.cache, which is what the runtime loader (DLL loader)
   ld.so uses to find dynamic libraries.  A valid ld.so.conf
   is:

    /usr/lib
    /usr/i486-linux-libc5/lib
    /usr/X11R6/lib
    /usr/kerberos/lib
    /usr/lib/qt-1.45/lib


    I watch the RedHat Advisory site fairly closely and frequently
    update my system when there are security patches.  I usually test
    them on my development machine for a week or two before installing
    them on my server.  Until recently, I have never had any problems,
    but it appears that one of the RedHat 7.0 update patches blasted
    away my /etc/ld.so.cache and emptied my ld.so.conf file.  The
    perversity of this is that everything seems to run fine until you
    need a "non-standard" dynamically linked library that is in a
    non-standard location (not in /lib or /usr/lib).  I ran into this in
    trying to run smbclient, which I don't do very often.  When you run
    the program it simply says that it cannot find some weird named
    library file like kerberos457xx.so.3

    Well, the solution is to restore /etc/ld.so.conf (it is most likely
    sitting in /etc/ld.so.conf.rpmsave), then as root do what is not
    totally obvious, run:

        /sbin/ldconfig

    which rebuilds all the necessary links.

    Some useful programs for dealing with libraries, objects, and
    binary files:

    ar       - create an archive (i.e. library xxx.a file)
    objdump  - prints info on object file
    strings  - print all strings in a binary file
    nm       - list the symbol table of an object file
    ldd      - list shared libraries needed by binary file
    strip    - strip symbol table and debug from a binary file


Mounting CDROMS and Diskettes:
   use the X application: usermount
   you must have appropriate entries in /etc/fstab 
    that permit users to mount the cdrom.
   CDROMs are now automatically mounted on RedHat systems
    running Gnome.

Mozilla Mail:
   It tends to get out of sync. For example, my Sent folder has
   problems (sending mail gets error attempting to save sent mail).
   Delete /home/kern/.mozilla/kern/7ntf5xfn.slt/ImapMail/ImapMail/lmatou
   corrects the problem.

   I've now totally converted to Evolution. It was great until version
   2.0.2.
   For more see Netscape topic.

Network:
   ping {known site with name in hosts} - first line of testing
   /etc/rc.d/init.d/inet restart to restart network.
     Note, inet is now replaced by xinetd in RH 7.2 and later.
     Look in /etc/xinetd.d for the configuration files.
   /etc/rc.d/init.d/network stop/start

   ifconfig to examine ethernet cards

   route to see the routes

   netstat to see status of a lot of stuff. "netstat -vat" for
   a little info, and "netstat -an" for a lot.

   To see the other computers that yours is talking directly to.
   i.e. ethernet card to ethernet card connections.
      arp -vn -a
      

   tcpdump to watch traffic.
   tcpdump -p -i eth1 to watch on ethernet 1
     be sure to use the -p option so that the device is not
     left in promiscuous mode.

   to remove promiscuous mode.
      ifconfig eth1 -promisc
   
   be sure to have full hostname in /etc/hosts

   e.g.  192.168.xx.xx  machine2  machine2.sibbald.com
    
Netscape:
Mozilla:
Galeon:
   Note, I no longer use Netscape, though it is
   loaded on my machine. I use Galeon and occasionally
   Mozilla. (Mozilla must be loaded for Galeon to work).
   Plugins: http://wp.netscape.com/plugins/index.html

   For me, Mozilla is loaded in /usr/local/mozilla
   To make plugins work, just drop the .so into
   /usr/local/mozilla/plugins.  Mozilla is required
   for a number of packages such as Galeon, so even if
   you use only galeon, you must load Mozilla. I have
   never been able to get the RedHat rpms to work the
   way I want, so I move them to another directory
   they are located in /usr/lib/mozilla.

   Loading a new copy of Mozilla:
    - download Mozilla from www.mozilla.org (current
      version is 1.1 as of 3 Nov 2002).
    - Detar it producing mozilla-installer.
    - If you haven't already, save your old version:
        mv /usr/local/mozilla /usr/local/mozilla-1.x
    - cd mozilla-installer
    - ./mozilla-installer
    - Answer a few dialogs (license, ...) until install
      setup dialog appears.
    - Important, choose Custom installation !!!!
      If you really want you can change the installation
      directory. I use the default. This prevents
      it from being wiped out by a RedHat Mozilla during
      upgrade.
    - If you have a previous version, it will tell you.
      Simply click Delete.
    - Now select components you want. The only two I
      load are Navigator and Personal Security Manager.
      Without Personal Security Manager (nss I think),
      you cannot access https (ssl) pages.
    - You can setup a profile if you want, I don't use it.
    - Now, important, recopy your plugins from your old
      version to the new one, since there is nothing in
      the new one.  E.g. during upgrade from 1.0 to 1.1
      I did:

        cd /usr/local
        cp -a mozilla-1.0/plugins mozilla/

   To get java working. I downloaded Sun Java 2 and
   copied the whole java2 directory to                    
   /usr/mozilla/plugins.  Then I 
      cd /usr/mozilla/plugins
      ln -s /usr/local/mozilla/plugins/java2/plugin/i386/ns600/libjavaplugin_oji.so libjavaplugin_oji.so


   plugger is probably the most useful plugin. See:
   http://fredrik.hubbe.net/plugger.html His README
   gives the necessary steps to make it work. I did
   the "global" install.

   Plugins. Download them from the Netscape plugin
   library and place them in /usr/local/mozilla/plugins.
   See: http://wp.netscape.com/plugins/index.html

   NOTE. Everything is now in /usr/lib/mozilla-1.0.1   This apparently
   depends on whether you install directly or use some mozilla.rpm.

   If you want a better browser download Mozilla from
   www.mozilla.org and install it (I have been unable to
   properly install any rpm so do it from the .bin). Then
   get Galeon from galeon.sourceforge.org.  Galeon is the
   best.  Getting the Java plugin to work is a bit of a
   pain. I think I finally accomplished it by launching
   Galeon as root, clicking on a site that required
   Java then letting it do the fetch and install. I pointed
   it to my mozilla directory /usr/local/mozilla.  Watch out
   /usr/local/mozilla is the default directory for installation
   with the .bin release (which is what I use). The rpm
   will install it in /usr/lib/mozilla and this can cause confusion.

   If you want the best Email program (a knockoff of Outlook)
   get Evolution from www.ximian.org.  I wouldn't use anything
   else!  If you install mozilla from the .bin rather than from
   an rpm, you will need to do a --nodeps on installation of
   Galeon and Evolution, but BE CAREFUL to do so only if
   mozilla is the only missing dependency AND you have already
   loaded the .bin. In that case, everything works fine.

   Installing new galeon. rpm -Uhv galeon-1.2.5.rpm --nodeps

   Setting galeon as the default browser, RHEL 3.0,  
     Preferences->Preferred Applications->Web Browser
     Set Command: galeon --new-tab --noraise "%s"

NFS:
   You must set up /etc/exports to be able to export volumes
   to be mounted by NFS.
   Also, the NFS daemon must be running.
   See /etc/rc.d/init.d/nfs
   Finally, the portmap service must be running.
   See /etc/rc.d/init.d/portmap
   To see what services another system is running, enter:
     rpcinfo -p "system"
   You will probably get something like:
   rpcinfo -p matou
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp   1024  nlockmgr
    100021    3   udp   1024  nlockmgr
    100024    1   udp   1025  status
    100024    1   tcp   1024  status
    100011    1   udp    760  rquotad
    100011    2   udp    760  rquotad
    100005    1   udp   1029  mountd
    100005    1   tcp   1025  mountd
    100005    2   udp   1029  mountd
    100005    2   tcp   1025  mountd
    100003    2   udp   2049  nfs

   Much of NFS has been moved into a kernel module in
   2.4.x kernels.

Palm Pilot:
   I use the gnome-pilot applet to synchronize with Evolution.
   One day, it stopped working. This went on for months and months, until
   *finally* I realized that something had reset the permissions
   of /dev/ttyS0.  You either need to make it world read/write or
   change the owner to yourself (or both as I did).  Too bad the
   silly program doesn't report this!

Passwords:
   If you haven't already turned on shadow passwords, you should.
   
   pwconv   turns on shadow passwords, and
   pwunconv turns off shadow passwords.  The equivalents for groups
            are
   grpconv  and
   grpunconv

   see: man pwconv for more information.

   pwck checks the password files for inconsistencies.
 
   
   Look at /etc/login.defs for parameters that determine required
   password length, expiration period etc.

   A lot of connections/passwords/authorizations are run through PAM,
   which for configuration purposes is beyond me.  However, the control
   or configuration files reside in /etc/pam.d  If you are having remote
   login (or Samba) problems, you might check there.

PCI:
   lspci -v shows what hardware is connected to your PCI bus.

pdf viewers:
   ggv      -- nice for printing only a few pages
   xpdf
   acroread

Performance:
   There are quite a few performance management tools (see the man
    pages for details on the programs listed below):
     Network:
        netstat
     Open files:
        lsof
     Trace a program's system calls:
        strace   
     Trace a program's library calls:
        ltrace (on Sun systems this seems to be truss)
     Virtual memory (and other resources):
        vmstat
        top
        free
     CPU and IO usage:
        iostat
     Shared memory usage:
        ipcs

Perl:
   An interpreted language very useful for writing CGI programs.
   To find perl modules:

     perl -MCPAN -e shell
     h

   Example: find and install Gnome module:

      cpan> m /Gnome/
      Module          GNOME::GNORBA   (O/OT/OTAYLOR/GNOME-GNORBA-0.1.0.tar.gz)
      Module          GNOME::GOAD     (O/OT/OTAYLOR/GNOME-GNORBA-0.1.0.tar.gz)
      Module          Gnome           (K/KJ/KJALB/Gtk-Perl-0.7000.tar.gz)
      Module          Graphics::Simple::GnomeCanvas (L/LU/LUKKA/Graphics-Simple-0.04.tar.gz)

      cpan> install Gnome
      Running make for K/KJ/KJALB/Gtk-Perl-0.7000.tar.gz
      Fetching with Net::FTP:
      ftp://ftp.demon.co.uk/pub/mirrors/perl/CPAN/authors/id/K/KJ/KJALB/Gtk-Perl-0.7000.tar.gz
   
   According to Simon Cozens: (cool) 
   Perl modules have too many well-kept secrets, and it's not your fault
   you don't know about this one: "perldoc perllocal" will tell you all
   the modules you have installed.

   CPAN stores all the tar files it downloads in ~root/.cpan/sources/authors

   Use: "o conf init" at the cpan prompt to reconfigure.

PGP:
  Pretty good privacy. Also known as GNUPG or gpg on Linux systems.
  To correspond with people in the US, you must get the latest version
  of gnupg (I'm using 1.0.7) and add the idea.c cipher -- not so easy
  to do even if you can find the code.  

  "gpg --version" tells you what ciphers, ... that you have.

  Options used by Evolution in calling gpg:
  --verbose --no-secmem-warning --no-greeting --yes --batch --armor -r xxx@yyy.com --output - --encrypt
  where xxx@yyy.com is the recipient address. You need to feed this
  to gpg to ensure that it works. If it says bad address, it is because you
  have not set the key trust. To do so, use the command line interface.
  gpg --edit-key xxx@yyy.com
  trust
  5 (for ultimate)
  save

  setting it to 4 or less will not work!
  Ultimate trust makes gpg treat the key like one of your own (keys it
  has signed become valid too), so compare its fingerprint with the
  owner first.

  Get a copy of gpa, which is a Windowing (Gtk+) version of the
  key manager. 

  To search for a key, look it up on www.keyserver.net
  Once you know the keyid, use:
    gpg  --keyserver www.keyserver.net --recv-keys keyid   
    or
    gpg  --keyserver pgp.mit.edu --recv-keys keyid
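  to retrieve the key. keyid is typically an 8 digit hex number. A short
  keyid is not unique, so compare the full fingerprint with the key owner
  before trusting the key.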

   
Printer:
   Configure network printer using control panel. Used printer
   exported from minimatou (Win32 machine). Chose HP DeskJet 550,...
   3 Normal color; Fix stair-step; fast text printing.  This works
   great for the Epson Stylus Color series also (I have a 740 model).
   A4.  Apparently, Linuxconf works pretty well now (RedHat 6.1).
   I haven't tried it lately.
   See Cups above.

Problems:
   All my CPU time was being consumed. The first time, I rebooted
   the machine. The second time, I got a bit smarter and ran "top".
   Don't try to run it in the background as it is a "curses" type
   program. Top displays the programs that are using the most CPU.
   I had two control-panels running, each consuming 48% of the CPU
   (this was in RH 5.2).

Process:
   Run "top" to see who is doing what.
   Run "ps fax" to see the parent child relationship.
   To see more information run "ps -uax"

   last  gives the last connections that were made to the
         machine.

   look in /var/log/messages for boot messages.

   gtop is a nice graphical version of top.

qemu:
   A very fast simulation program that allows you to boot anything
   on your computer. I used it for rapid development of the Bacula rescue
   cdrom:

    qemu -cdrom bootcd.iso

   boots the bootcd.iso image. It runs extremely fast.

Rdist:
   A program to synchronize files on two different computers.
   Using ssh:
      rdist -f list -P /bin/ssh -p /usr/sbin/rdistd -F
      # add -D for copious debug output
   contents of list
      HOSTS = ( other machine )
      FILES = ( /home )
      ( ${FILES} ) -> ( ${HOSTS} )
            install /home ;
            notify root ;

   In most cases if you can do an NFS mount, I find:
       cp -rpudf "source" "destination"
   to work equally well (much simpler too).
  
Rsync:
   Apparently a faster way to synchronize files than
   rdist. It transfers only differences.

RPM packages:                              
   gnorpm& for Gnome RPM interface. I still prefer to do it by
   hand.
   use:
      for maximum info including file locations use -vv
   rpm -ivvh "package"     
      to install a package. If you load the sources from disk 2
      they go in /usr/src/redhat/SOURCES
   to query a package:
      rpm -qip package
   to query a package and list all files:
      rpm -qipl package
   to see if a package is loaded:
      rpm -q "package-base-name-with-version" (e.g. samba)
   to find out what package a file belongs to:
      rpm -qf "file"
   to update an existing package or install new one with a new version:
      rpm -hUv package
   to update an existing package with a new version (requires package
     to already be installed! -- great option)
      rpm -Fhv package
   to list all packages installed:
      rpm -qa
   to get rid of an installed package that has dependencies (normally
   so it can be reloaded):
      rpm --erase --nodeps --allmatches package
   
   Important: install rpmfind and rpm2html!
      after installing a new rpm run rpm2html
      Under RH 7.0 and greater I have not been able to make
      these two programs work. Too bad as they are REALLY
      nice.

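   check package MD5 integrity before installing with:
      rpm -K --nogpg *.rpm
   PGP or MD5 in caps means it is not OK.  Lower case
   is good.  Note that --nogpg skips the signature check, so this
   only detects a damaged download.  Leave --nogpg off (once you have
   the packager's public key installed) to also check who built the
   package.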

   To check the integrity of your files versus the RPM database,
   run:
      rpm -Va
   or for a single package use:
      rpm -V "package"
      Codes:     c -> config file; . -> test passed; ? -> no test
       Failures because of differences
        5 MD5 sum error
        S File size difference
        L Symlink
        T Mtime
        D Device
        U User
        G Group
        M Mode (permissions and file type)
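
   The flag codes above, decoded by a small shell filter. This is an added
   example, not part of the original cheat sheet. The function name, the
   level names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `rpm -Va` output lines by what changed.
# Reads verify output on stdin, prints "<LEVEL> <path> <what-changed>".
triage_rpm_verify() {
    awk '
    BEGIN {
        # Flag letters as listed in the cheat sheet above.
        name["S"] = "size";    name["M"] = "mode";  name["5"] = "md5"
        name["D"] = "device";  name["L"] = "symlink"
        name["U"] = "user";    name["G"] = "group"; name["T"] = "mtime"
    }
    NF < 2 { next }                      # skip blank or malformed lines
    {
        flags = $1
        attr  = (NF >= 3) ? $2 : ""      # "c" marks a config file
        path  = $NF                      # assumes no spaces in the path
        what  = ""
        if (flags == "missing") {
            what = "missing"
        } else {
            for (i = 1; i <= length(flags); i++) {
                c = substr(flags, i, 1)
                if (c in name)
                    what = what (what == "" ? "" : ",") name[c]
                else if (c == "?")
                    what = what (what == "" ? "" : ",") "untested"
            }
        }
        if (flags == "missing")    level = "MISSING"
        else if (attr == "c")      level = "CONFIG"   # edited config: expected, review
        else if (flags ~ /5/)      level = "CONTENT"  # program or library body differs
        else if (flags ~ /[MUG]/)  level = "PERMS"    # mode or ownership differs
        else                       level = "INFO"     # e.g. mtime only
        print level, path, what
    }'
}

# Constructed sample of `rpm -Va` output (not from a real system).
sample_rpm_verify() {
    cat <<'EOF'
S.5....T c /etc/httpd/conf/httpd.conf
.......T c /etc/inittab
S.5....T   /bin/login
.M......   /usr/sbin/sendmail
.....UG.   /var/log/httpd
.......T   /usr/share/terminfo/x/xterm
missing    /usr/bin/gnorpm
EOF
}

# On a real system: rpm -Va | triage_rpm_verify | grep -v '^CONFIG'
sample_rpm_verify | triage_rpm_verify
```

   CONTENT and PERMS lines on files outside /etc are the ones to look at
   first, since packaged binaries should not change between updates.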

   To rebuild the database. Needed from time to time (once a year) to
   cleanup the database, or if it is terribly slow, or if rpm seems to
   hang:
     rpm --rebuilddb     

   See above under libraries if you have linking problems after
   installing new RPMs.

Samba:
   Samba allows Linux to access Win32 files (with smbmount) and allows
     Win32 to mount Linux file systems.
   To stop samba: /etc/rc.d/init.d/smb stop
   to start samba: /etc/rc.d/init.d/smb start
   to check:
        smbclient -L "hostname"
   look in /var/log/samba/log.smb and /log.nmb for problems.
   I needed to define /etc/lmhosts 

   Note: with RH7.0, the Samba configuration files now are in
   /etc/samba rather than /etc except smbpasswd which is in
   /etc/smbpasswd.

   You can even access the CDROM of a Win32 machine from Linux:
      smbmount //win32host/CDROM /mnt/cdrom
     amazing!

SCSI boot:
  I don't particularly like SCSI disks, but some installations do
  have them and boot from them. As noted under Kernel update, you 
  must be careful to have initrd.xxx.img available when booting.
  Another problem is adding an IDE disk. After doing so, Linux will
  want to boot from the IDE disk rather than from the SCSI disk, so
  *before* adding an IDE disk, modify your boot setup as follows:

  lilo add to /etc/lilo.conf:
     disk=/dev/sda
     bios=0x80

     disk = /dev/hda
     bios=0x81

  grub add to /boot/grub/device.map
     (hd0)  /dev/sda

  I've tried the lilo change and it works, but I haven't tried     
  the grub change.

sendmail:
  be sure to set a fully qualified hostname
  such as matou.sibbald.com into 
  /etc/HOSTNAME
  otherwise sendmail will start slowly trying
  to figure out what is the correct domain.
 
  sendmail -bt -d0.4 </dev/null
    for compile options and system names
    Make sure your domain names and subdomain names are
      correct. This means to either have them defined
      in DNS, or as I do have them defined in hosts. 
      However, in hosts, be sure to have fully qualified
      name:
        192.168.1.1  name   name.sibbald.com
    
   To restart sendmail:
   /etc/rc.d/init.d/sendmail restart
   (the script takes {start|stop|restart|status})

   Take the time to learn how to generate a sendmail.cf
   file from a sendmail.mc (using m4. It is really easy).
   This is the ONLY way to go. No more editing sendmail.cf.
   Here is my sendmail.mc file:

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`Matou MTA')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`localmatou')
dnl #
define(`confSMTP_LOGIN_MSG', `$j Matou MTA/2.0; $b')dnl
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
dnl define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `goaway,authwarnings,novrfy,noexpn,restrictmailq,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl # 
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
define(`confTO_QUEUEWARN', `4h')dnl
define(`confTO_QUEUERETURN', `5d')dnl
define(`confQUEUE_LA', `1000')dnl
define(`confREFUSE_LA', `2000')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
dnl # reduce spam
FEATURE(`dnsbl', `dnsbl.njabl.org',  `Rejected spammer $&{client_addr} -- see http://njabl.org/')dnl
FEATURE(`dnsbl', `relays.ordb.org',  `Rejected spammer $&{client_addr} -- see http://ordb.org/')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `Rejected spammer $&{client_addr} -- see http://spamhaus.org/sbl/')dnl
FEATURE(dnsbl,   `opm.blitzed.org',  `Rejected spammer $&{client_addr} -- see http://www.blitzed.org/opm/')dnl
dnl #
dnl INPUT_MAIL_FILTER(`Xspf-milter', `S=local:/var/spf-milter/spf-milter.sock, T=C:4m;S:4m;R:8m;E:16m')dnl

EXPOSED_USER(`root')dnl
dnl #
dnl # Limit the MSA to the loopback
dnl #
DAEMON_OPTIONS(`Name=MSA, Port=587, Addr=127.0.0.1, M=E')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction to listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl # 
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl # 
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`sibbald.com')dnl
FEATURE(`allmasquerade')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl


   On any internal machines that forward mail to the main mail hub, the
   "SMART_HOST" line is enabled.  Please note that the local-host-names
   in /etc/mail on the internal machines MUST be empty or the mail will
   be delivered locally despite the SMART_HOST tag being defined.

   To check that the anti-spam rule (the last one sbl.spamhaus.org)
   is working, try (no need to bring down sendmail or be root):

     m4 /etc/sendmail.mc >/etc/sendmail.cf
     sendmail -bt -C /etc/sendmail.cf
     .D{client_addr}127.0.0.2
     Basic_check_relay <>
     ctl-D -- to get out of sendmail

   should get back something like:
      Basic_check_rela   input: < >
      Basic_check_rela returns: $# error $@ 5 . 7 . 1 $: Rejected spammer 127 . 0 . 0 . 2 -- see http : / / spamhaus . org / sbl /

   If you get back:
      Basic_check_rela   input: < >
      Basic_check_rela returns: OKSOFAR
   it is not working.

   Note, the 127.0.0.2 is simply an IP address that is guaranteed to
   be in the spam list of the site you are using. It allows testing
   of your rules. You may need to replace the 127.0.0.2 with another test
   address depending on the site you are using.  For example, the US
   version of spamhaus uses 127.0.0.6 as the test bad address.

   To check if relays.ordb.org is working, just send an email to
      ask-block-test@null.dk  The response that you get will be
      clear.

   If you want to see what is going on with sendmail use:
    mail -v <address>
   or
    sendmail -v -t
    To: name@site.com
    From: name@site.com
    Subject: test mail
    Test mail
    .

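   to test if sendmail relays or not (an open relay is VERY bad),
   connect from a machine outside your network and give a rcpt to:
   address in a domain you do not host. It should be refused
   ("Relaying denied"):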
   telnet <site> 25
   ehlo site.com
   mail from:name@site.com
   rcpt to:xxxx@yyyy.com
   data
   test
   .

   Also, after the ehlo command, try the following and ensure
   that they are rejected:

   vrfy root
   expn all

  To receive email on another machine, you will normally
  need to have a POP3 and/or IMAP server running. See inetd.conf.

  If you have problems connecting from Outlook, Microsoft
  provides no way to debug what is happening (at least
  not documented for users). You can test the POP3 connection
  by logging in from Telnet:

   telnet <site> 110
   USER your-email-account
   PASS xxxx

  If you host multiple domains as I do, be sure to put the 
  domain names in /etc/sendmail.cw.  For example, my file
  looks like the following:

   # sendmail.cw - include all aliases for your machine here.
   #  this is now in /etc/mail/local-host-names
   sibbald.com
   fatou.sibbald.com
   sibbald.ch
  
  Finally, if you have other machines on your local network that
  send and receive email, be sure to put the appropriate definitions
  in /etc/mail/access to allow "relaying" for example:

   # Check the /usr/doc/sendmail-8.9.3/README.cf file for a description
   # of the format of this file. (search for access_db in that file)
   # The /usr/doc/sendmail-8.9.3/README.cf is part of the sendmail-doc
   # package.
   #
   # by default we allow relaying from localhost...
   localhost.localdomain           RELAY
   localhost                       RELAY
   192.168.0                       RELAY

Serial ports:
   They are normally /dev/ttyS0, ...
   To get more information try:
     
     setserial -a /dev/ttyS0

Shared Memory:
   Apcupsd and some other programs use shared memory. To see    
   the system's idea of what is allocated, use:

     ipcs

SSH:
   Install ssh for secure transfer of data. A bit complicated.
   There is now an OpenSSH project. Don't allow root login
   or password authentication if you want reasonable security.
   If possible, use only SSH 2 protocol.
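
   One way to check an sshd_config against the three recommendations above.
   This is an added example, not part of the original cheat sheet and not
   OpenSSH's own tooling. The function names and sample files are
   assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the global part of an sshd_config for root login,
# password authentication and protocol version. Prints
# "<STATUS> <keyword> <value>" per keyword; returns 1 if anything needs
# attention.
audit_sshd_config() {
    awk '
    BEGIN {
        want["permitrootlogin"]        = "no"
        want["passwordauthentication"] = "no"
        want["protocol"]               = "2"
    }
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        # Keyword and value are separated by whitespace or "=".
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = tolower(substr(line, RSTART + RLENGTH))
        if (key == "match") exit         # later lines are conditional overrides
        # sshd uses the first value it reads for a keyword.
        if ((key in want) && !(key in seen)) seen[key] = val
    }
    END {
        bad = 0
        n = split("permitrootlogin passwordauthentication protocol", order, " ")
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in seen)) {
                # Compiled-in default applies. Newer OpenSSH releases speak
                # only protocol 2, so an unset Protocol is not counted.
                print "UNSET", k, "(default)"
                if (k != "protocol") bad++
            } else if (seen[k] == want[k]) {
                print "OK", k, seen[k]
            } else {
                print "WEAK", k, seen[k]
                bad++
            }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed samples (not from a real host).
write_weak_sample() {
    cat > "$1" <<'EOF'
# constructed sample: settings the text above advises against
Protocol 2,1
PermitRootLogin yes
#PasswordAuthentication no
EOF
}

write_hardened_sample() {
    cat > "$1" <<'EOF'
Protocol 2
permitrootlogin no
PasswordAuthentication=no
PasswordAuthentication yes
EOF
}

tmp=$(mktemp)
write_weak_sample "$tmp"
audit_sshd_config "$tmp" || echo "weak sample needs attention"
write_hardened_sample "$tmp"
audit_sshd_config "$tmp" && echo "hardened sample passes"
rm -f "$tmp"
```

   The second PasswordAuthentication line in the hardened sample is ignored,
   which is why a stray later setting does not undo an earlier one.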

   Connecting OpenSSH with the commercial SSH Communications
   Security Ltd ssh. To OpenSSH from SSH CS Ltd, on the SSH CS
     machine, generate keypair (or use an existing key pair):
      ssh-keygen2 -P -o xxx
   Modify ~/.ssh2/identification to have
      IdKey xxx
   Make sure xxx and xxx.pub have -rw------- permissions (600).
   Transfer xxx.pub to the OpenSSH machine preferably with
     cut and paste over a secure line.
   On OpenSSH machine run:  ssh-keygen -i -f xxx.pub >yyy
   Add the contents of yyy to your .ssh/authorized_keys2
    file. It is a single line, but you can add some 
    identification to the end of the line separated by a
    space, if you wish.
   You should now be able to login to your OpenSSH machine
     from your CS machine.
   
   Connecting from OpenSSH to SSH CS Ltd, on the OpenSSH 
     machine, generate a keypair (or use existing pair):
       cd ~/.ssh
       ssh-keygen -t dsa -f id_dsa
     Convert the key to SSH CS Ltd format:
       ssh-keygen -e -f id_dsa.pub >zzz.pub
     Transfer zzz.pub to the SSH CS Ltd machine preferably with
       cut and paste over a secure line.
     On the SSH CS machine, modify ~/.ssh2/authorization to have:
       Key zzz.pub
     Make sure all permissions of all files are 600.
     You should now be able to login to the SSH CS machine
       from your OpenSSH machine.

   Note, SSH CS Ltd programs are really quite poor. For example,
     after creating the keypair without a password, there appears
     to be no way to add a password. Boohiss.  OpenSSH provides
     this capability making key exchange/management much
     easier. Bravo.

System call tracing (strace):
   See Performance:

System installation/upgrade: (RedHat)  -- see Upgrading below ...
   To check what really happened during install/upgrade,
   look at the rpm log file in /tmp/upgrade.log

   To make an emergency boot disk (RedHat 6.1 upgrade did not
   do so by default):
   uname -a
     (it prints: Linux polymatou 2.2.12-20 #1 ....)
   put floppy in drive   
   mkbootdisk 2.2.12-20


System logging:
   /etc/syslog.conf -- configures logs
   most logs are in /var/log/xxxx
   to restart after changing config file
     kill -HUP $(cat /var/run/syslogd.pid)

Tape drives:
   /dev/nst0 for first non-rewinding scsi drive.  If something
   hangs, try:

   ps -eo cmd,wchan
   ps -eo fname,tty,pid,stat,pcpu,wchan
   ps -eo pid,stat,pcpu,nwchan,wchan=WIDE-WCHAN-COLUMN -o args

   To be able to use tape drives on new kernels, one needs
   to enable udev.  For my setup, I have added:   
   /etc/udev/rules.d/40-kerns.rules
===
# Devices used by Kern
KERNEL=="hiddev*",              NAME="usb/hiddev%n"
KERNEL=="ttyS*",                OWNER="kern",GROUP="uucp", MODE="0660"
KERNEL=="st*",                  OWNER="kern",GROUP="disk", MODE="0640"
KERNEL=="sg*",                  OWNER="kern",GROUP="disk", MODE="0640"
KERNEL=="nst*",                 OWNER="kern",GROUP="disk", MODE="0640"
===


terminal:
   tic (terminfo compiler) 
   infocmp xterm -- prints terminfo entry for xterm
   terminfo compiled entries are in /usr/share/terminfo/x/xterm

Updates:
   See:  http://oss.redundant.com/pub/party-updates/
   for older RedHat updates.
   
X11:
   ctl-alt-backspace kills the X server. Normally you
   won't need this, and it is not advisable as Gnome
   will not save its setup and may even lose some
   panel applets, but if everything freezes (especially
   if trying to run a java applet) try ctl-alt-backspace
   before rebooting.

   Xconfigurator doesn't seem to be on RHEL 3.0 systems.
   When in trouble, modify /etc/inittab so that Linux
   starts in level 3.  Then when logged into root do
    
   startx >1 2>&1

   If the screen is messed up, enter ctl-alt-backspace
   and examine the error messages in file 1.

   Run Xconfigurator to configure your display.
   It puts the output in /etc/X11/XF86Config
   You can then do:

    telinit 3

   and

    telinit 5

   To reset the X11 system.

   If running with xdm then in home directory
   .wm_config has the name of the window manager
   to run. It can be: AfterStep, WindowMaker,
   Fvwm95, or Mwm. Under RedHat 6.0, use GNOME, or
   possibly KDE.

   see /etc/X11/xinit/xinitrc and Xclients for
   details.

   xset    to display screen things that can
     be set e.g. the screen saver.
   xset q  to query screen state.

  /etc/X11/xinit/Xclients is startup if you
  do not have ~/.Xclients  see /etc/X11/xinit/xinitrc

  xiterm is an international terminal emulator that has
    a smaller memory footprint because it does not have
    the Tektronix code.  Nice options for starting are:
    xiterm -sl 1000 -geometry 80X60

  Highlighting characters causes them to be transferred into
     the copy buffer (sort of clipboard). Clicking the middle
     button (or on a 2 button mouse, the two buttons
     simultaneously) causes the characters to be pasted.

  /etc/X11/xdm/Xservers (add other machines on local net)
  /etc/X11/xdm/xdm-config (add other machines on local net)
  /etc/X11/xdm/Xaccess (add machines to %hostlist)
  %hostlist machine1 machine2 ...
  To be able to connect with an xdmcp session from another
  machine, you need to set Enable=1 in the [xdmcp] section
  of /etc/X11/gdm/gdm.conf  also, you must add the machine
  name in the [servers] section.

  If you are running GNOME, try adding:

   "remote-machine-name":0=/usr/bin/X11/X
  
  to the list of [servers] in /etc/X11/gdm/gdm.conf
 
  Adding new hosts to the list of hosts permitted to access X
   on your system can be done with the xhost program.
   See "man xhost"

  I don't use Windows much any more, but *many* years ago,
  here are a couple of things I used.

  I use the Windows X-Win32 Version 5.0 from StarNet (www.starnet.com)
  to access the GUI interface of my Linux machines. It is commercial,
  not very expensive, and a very good program.

  I use SecureCRT version 3.1 by Van Dyke Technologies, Inc
  (www.vandyke.com) to access my Linux machines
  in terminal mode (this is my normal way of accessing them). On the
  Linux end, I use OpenSSH OpenSSH_2.2.0p1, protocol versions 1.5/2.0
  to provide the secure connection. SecureCRT is
  commercial software, very nice, and not very expensive.

Upgrading: How I keep my system up to date.
Update:
Upgrade:
  If you want, you can sign up for the RedHat service. From what I see, it
  is really cool, but you have to pay for it.  I strongly recommend against
  automatic updating of your system as Microsoft does. This leads to
  instability.

  Before any system upgrade, save the following files:
    /etc/hosts
    /etc/passwd
    /etc/group
    /etc/shadow
    /etc/fstab
    /etc/modules.conf
    /etc/exports
    /etc/sendmail.mc
    /etc/sysconfig/network
    /etc/sysconfig/network-scripts/ifcfg-eth0, 1, ...
  and the following directories (or the important parts)
    /etc/mail
    /etc/httpd/conf
    /etc/samba

    /etc/mtab (not really necessary)
    output from df
    /etc/X11/XF86Config
    output from rpm -qa

  Actually, I now make a full copy of /etc someplace in my
  /home directory. This means that all the above directories
  and files are available.

  Make a hardcopy or printout of:
    Your Horiz and Vert frequencies from /etc/X11/XF86Config as well
      as your Driver type, depth and resolution (e.g. 1280X1024).
    The output of df so you know what partitions you have 
    /etc/sysconfig/network
    /etc/sysconfig/network-scripts/ifcfg-eth0, 1, ...

  The first five can simply be copied over any changed file after the  
  update, the others can be used to figure out what is going on or what
  needs to be changed.

  Personal files needed:
    Galeon/Netscape bookmarks
    Local Sent mail folder
    .gnupg directory
    .bash*
    .rpmmacros
    .rpmrc
    .cvsrc
    .ssh directory
    .galeon (bookmarks, possibly save as)
    .gftp (bookmarks)

  Here is how to handle upgrading "by hand" but in a way that you 
  keep control over what you do. You are assumed to be root.
  1. cd /root
  2. The first time you are doing this, and only the first time, do:
     rpm -qa >installed-packages.txt
  3. mv installed-packages.txt installed-packages.txt.date 
     where date is something like 30Aug02. Why? You now have
     a snapshot of what you had before you make any changes. You
     can easily back-out only the changes you made.
  4. Define a place to keep ALL rpm Updates to your system.  I
     use /home/src/RedHat7.3 (where the 7.3 changes for each OS upgrade
     as I sometimes have different OSes on different systems).
     In this directory, make a subdirectory named "installed".
  5. Using gftp download ALL RedHat updates.  For example, for
     7.3, you will find them at various mirrors and on RedHat.
  6. You may now apply the updates individually, partially, or all at
     once with something like:

       rpm -Fhv *.rpm

  7. After you apply a package move it to the installed subdirectory.
     Any packages that you do not install, you should also move to that
     directory.
  8. You may not want to include your kernel in step 6. I prefer to do
     an  "rpm -ihv kernel..." on my kernel and then later when I am sure
     the new kernel boots correctly, I do an "rpm -e kernel-xxx" on the
     OLD kernel to get rid of it.  If you use the -F option, it will 
     replace your old kernel with the new one. This is OK 99.9% of the
     time, but ...
  9. cd /root
 10. If you haven't done step 3, do it now. Then do
     rpm -qa >installed-packages.txt 

 Now the next time you need to do an update, it is easy.
  - Do step 3 above
  - Run gftp, in the local window cd to your installed directory containing
    all previous packages (installed or not). Click on the "Tools" menu
    item and select "Compare Windows". cd up one level in your local window
    to /home/src/RedHat7.3. Click on the left arrow to transfer all new
    packages since your last update into your RedHat7.3 directory, 
    then go to step 6 above (apply the updates you want and move them
    into the installed subdirectory).  So you now have a little mini-version
    tracking system that you run manually for full control.  You are always
    sure that you have applied all the updates, and if not, you can 
    quickly check.  The big "trick" or help is the "Compare Windows" option
    of gftp.

up2date:
yum:
  Two complementary methods for downloading and installing new rpms
  on your system. I particularly like yum.
  Conf files:  up2date:  /etc/sysconfig/rhn/sources        
               yum:      /etc/yum.conf
  Downloads:   up2date:  /var/spool/up2date
               yum:      /var/cache/yum/updates-released/packages