March 2008 | Linux Blog

HowTo run an Perl or shell script using procmail

This is a sample (example) of procmail configuaration and in this configuation we want to run some script

:0 * conditions, if any | your-script-here

Obviously, you are not restricted to Perl or shell scripts. Anything you can run from a Unix command prompt can be run from Procmail.

Are you an Ubuntu User? - Get Counted !!!

The Ubuntu Counter Project is like a miniature version of The Linux Counter. It aims to catalogue the number of registered machines using the numerous varients of the Ubuntu Linux distribution.

Why? Because, quite simply, Ubuntu rocks.

To register your Ubuntu machines, simply register yourself as a user, and add your machines to your account.

Once registered, you will have a user button (like the ones below) to place on your website, in forum signatures or wherever you want!

Testing firewall rules

Sometimes it is handy to check firewall rules without coordinating a test with the end user. For these tests, use the hping2 utility to "spoof" traffic coming from the source IP address(es) used in the firewall rules.

At the same time, monitor the internal and external network interfaces on the firewall to make sure traffic is reaching the firewall and allowed through the firewall. In order to do this, you must have root access on the firewall and on the machine running hping2.

Example firewall rule:
Permit source IP 192.168.1.1 to communicate with destination IP 10.0.0.1 over TCP port 1000.

To test the rule, issue the following hping2 command:

hping2 -a 192.168.1.1 10.0.0.1 -p 1000

At the same time, log into the firewall and run the following commands (example with internal network interface etho and external network interface eth1)

In window 1:
tcpdump -i eth0 host 192.168.1.1 and port 1000

In window 2:
tcpdump -i eth1 host 10.0.0.1 and port 1000

If you do not see any output in window 1, traffic is not reaching the firewall. A choke router or other packet-filtering device may not be allowing the traffic to reach the firewall.

If you see output in window 1 but not in window 2, traffic is not being allowed through the firewall. Check the firewall rulebase for any errors.

ctime, atime, and mtime

It is important to distinguish between a file or directory's change time (ctime), access time (atime), and modify time (mtime).

ctime -- In UNIX, it is not possible to tell the actual creation time of a file. The ctime--change time--is the time when changes were made to the file or directory's inode (owner, permissions, etc.). It is needed by the dump command to determine if the file needs to be backed up. You can view the ctime with the ls -lc command.

atime -- The atime--access time--is the time when the data of a file was last accessed. Displaying the contents of a file or executing a shell script will update a file's atime, for example. You can view the atime with the ls -lu command.

mtime -- The mtime--modify time--is the time when the actual contents of a file was last modified. This is the time displayed in a long directoring listing (ls -l).

In Linux, the stat command will show these three times.

Important parts of the kernel in form of picture

The Linux kernel consists of several important parts: process management, memory management, hardware device drivers, filesystem drivers, network management, and various other bits and pieces. Figure shows some of them.

Probably the most important parts of the kernel (nothing else works without them) are memory management and process management. Memory management takes care of assigning memory areas and swap space areas to processes, parts of the kernel, and for the buffer cache. Process management creates processes, and implements multitasking by switching the active process on the processor.

Arch Linux Wallpaper

Create your own Live CD in 7 Steps

Revisor enables you to customize and compose your own Fedora based installation and live media. It does so by presenting you a GUI with all options you can click you way through, and a CLI and extended configuration files for the more advanced users. Features that Revisor has vary from customizing the packages available during the installation and/or installed on the live media, to fully customizing the desktop environment for the live media.

If you are running Fedora 7 or later you can install it using yum:

# yum install revisor

How to compile & execute C programs under Linux

Once you have written and saved your C program using any editor return to the prompt. An “ls” command should display your C program. It should have the .c extension. Now at the prompt type the following

$ gcc -o firstprogram firstprogram.c

If your file is named firstprogram.c then type ‘-o firstprogram’ as the parameter to gcc. This is basically your suggested name for the executable file that gcc would create. In case you typed something like the following

$ gcc firstprogram.c

You would be having a a.out in the same directory as the source C file. This is the default name of the executable that gcc creates. This would create problems when you compile many programs in one directory. So you override this with the -o option followed by the name of the executable

$ gcc -o hello secondprogram.c

Would create an executable by the name hello for your source code named secondprogram.c
Running the executable that you created is as simple as typing the following at the prompt.

$ ./firstprogram
OR
$ ./hello

Or whatever you named your executable.

How to Ignore ping request

To turn answers to icmp_echos (ping) off, as root type:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

and to turn it on again type:

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Hide DNS server (BIND) version from others

DNS server is one of the most targeted application for attack, It’s always a good idea to hide your DNS server version information so that BAD guys cannot view the version and start the attack to this specific version of your DNS server (Bind).

To hide your version of bind, add the following value to named.conf in the options section section as follows:

options {
directory “/var/named”;
version “[SECURED]”;
};

Free Software Stickers (GNU)

Filled with hundreds of creative sticker design, the Free Software Stickers lets you announce to the world that you are using Free Software operated computer.

The book is a must-have for all Linux and Free Software geeks around the world. It has a collection of distro related stickers including Debian, SUSE, Slackware, Gentoo, Ubuntu, Fedora, kubuntu, Red Hat and various other non-Linux Free Software.

This book includes a set of stickers related to free software projects. Now you may remove the Microsoft sticker from your computer and choose a sticker from this book with which to replace it. If you want to participate in Sticker Book Project, you can send your sticker/s to jalbusac (at) gmail.com.

| (ODG vol.3) | sources

Visual diff/merge tool - Meld

Meld is a powerful visual diff and merge tool. It displays colour-coded two- and three-way diffs and enables you to merge or edit the compared files. It can work with version control systems (cvs, svn, hg) and can diff directories. The GTK-based interface is clean and features tabs and a toolbar.

Meld does a great job of simplifying edit and merge tasks; when comparing files, for example, you can simply click on the arrows in the middle column to merge text from one side to the other (see screenshot). Holding down Ctrl reveals insert-before/insert-after options, and holding down Shift enables one-click block deletion.

Installing from the command line: yum install meld
Menu location after installation: Applications > Programming > Meld Diff Viewer
Command: /usr/bin/meld
Upstream website: http://meld.sourceforge.net/

Enable support for iPods in Ubuntu

Thanks to the good folks in the Ubuntu community, there is a mind-blowingly easy solution to add support for all iPods to the system. Programs like Gtkpod and Rhytmbox call on the gpod library to interact with your iPod, so all you have to do is get the latest version. Simply download this deb package, and run it with Gdebi, which should be the default choice in Firefox. Then, if you don't have it already, use the Synaptic package manager to download Gtkpod, which we found to be the more reliable choice for working with new iPods.

A free penetration testing toolkit - Inguma

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

Inguma comes with 2 GUIs: text based and PyQT based. The most tested one and the only one that will surely work is the text based. The PyQT one is _only_ the first version of it.

Download here

Software installation made easy for users and developers

Autopackage aims to do for GNU/Linux what “Install Shield” does for Windows. It uses a completely new package format, which includes a pointer to where required library files can be found. From a user’s perspective it just works, but in the background Autopackage checks dependencies and resolves them automatically.

For users: it makes software installation on Linux easier. If a project provides an autopackage, you know it can work on your distribution. You know it'll integrate nicely with your desktop and you know it'll be up to date, because it's provided by the software developers themselves. You don't have to choose which distro you run based on how many packages are available.

For developers: it's software that lets you create binary packages for Linux that will install on any distribution, can automatically resolve dependencies and can be installed using multiple front ends, for instance from the command line or from a graphical interface. It lets you get your software to your users quicker, easier and more reliably. It immediately increases your user base by allowing people with no native package to run your software within seconds.

Here is the FAQ

Installing ATI drivers on Ubuntu

Download ATI driver from their website. Next login as root in ubuntu. Then double click the downloaded file. You will get different options here choose to run the file. The next screen asks you if you want install the drivers or if you want to generate a package. Choose to install the drivers. Then after the installation one will have to manually change the drivers to fglrx. To do this open up a terminal and type

sudo dpkg-reconfigure xserver-xorg

Go through this wizard and at the part where you have to select the drivers(vesa will be the default one) press the up arrow button and go up to select the fglrx drivers.
Continue the wizard and restart XServer by pressing ctrl+alt+backspace.
For Teams - First GNOME& Xfce users go to http://gnome-look.org and KDE users to kde-look.org.
Now in gnome-look.org
Gutsy users can browse through metacity themes and download. Then under System->Preferences
select appearance and then select install theme.
Fiesty users need to download GTK 2.x themes.
For Gnomer’s
Go to synaptic and search for gcursor. Install it. Restart X. Go to gnome-look.org. Download your favourite cursor theme. Open gcursor and select install theme and voila instant pimpin.

Security audits of network device configuration files

Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options.

Nipper has no requirements. However, if you want to use the SNMP features under Linux you will also need a TFTP server and the Net-SNMP package.

Nipper currently supports the following device types:

Cisco IOS-based Switches
Cisco IOS-based Routers
Cisco IOS-based Catalysts
Cisco NMP-based Catalysts
Cisco CatOS-based Catalysts
Cisco PIX-based Firewalls
Cisco ASA-based Firewalls
Cisco FWSM-based Firewalls
Cisco CSS-based Content Service Switches
Juniper NetScreen ScreenOS-based Firewalls
CheckPoint Firewall-1-based Firewalls
Nortel Passport-based Devices
SonicWALL SonicOS-based Firewalls

Download : here

Detect - how much you expose to hackers

Examples of data seepage are what happens when you power-on your computer. It will broadcast to the world the list of WiFi access-points you've got cached on your computer, the previous IP address you used (requested by DHCP), your NetBIOS name, your login ID, and a list of servers (via NetBIOS request) you want connections to.
Even if you then establish a VPN connection to hide everything else, you've already broadcasted this information to everyone on the local network.
The FERRET tool gathers this broadcasted information and correlates it. It demonstrates how much you expose to hackers.
Download Ferret : here

Accessing the Windows Partition from Fedora Linux

When running Fedora Linux it is possible to access files located on the Windows partition. To achieve this it is necessary to mount the Windows partition. The first step is to create a directory to use as the mount point. In this example we will create a directory called /windows from the terminal window:

su - mkdir /windows

Next, we need to run the mount command (still as super user and assuming the Windows partition is /dev/sda1 and NTFS format - this may be different on your system):

mount -t ntfs-3g /dev/sda1 /windows

Under some circumstances you may get a message that the Windows partition needs to be checked. If so, either reboot into Windows again, or force the mount:

mount -t ntfs-3g /dev/sda1 /windows -o force

To automate the mount each time the system is booted, simply add the mount line to the /etc/fstab file:

/dev/sda1 /windows ntfs-3g defaults,force 0 0

To unmount the Windows filesystem at any time:

umount /windows

Install/configure Compiz Fusion on openSUSE 10.3 for Intel onboard graphics

First up, download the required Compiz Fusion packages via 1-click install; Here are the links:

1-Click Installer for KDE

1-Click Installer for GNOME

1-Click Installer for Compiz Manager

We’ll have make some changes to /etc/X11/xorg.conf as well.

So open the Terminal and type

kdesu kate /etc/X11/xorg.conf –> This is for KDE users
gksudo gedit /etc/X11/xorg.conf –> This is for GNOME users

Now scroll down to Section “Module” section and check if the below are present. If not, add them.

Section "Module"
Load "dri"
Load "glx"
Load "dbe"

Add these to Section “Device”

Option "XAANoOffscreenPixmaps" "true"
Option "DRI" "true"

Add these to Section “ServerLayout”

Option "AIGLX" "true"

Make sure Section “DRI” looks like this

Group "video"
Mode 0660

Finally, add this to Section “Extensions”

Option "Composite" "Enable"

Next, we’ll have to modify /usr/bin/compiz-manager to ensure that Indirect Rendering is done. For that, open Terminal and type

kdesu kate /usr/bin/compiz-manager –> For KDE Users
gksudo gedit /usr/bin/compiz-manager –> For GNOME Users

Scroll down to COMPIZ_OPTIONS and add –indirect-rendering. So now, your COMPIZ_OPTIONS should look something like

COMPIZ_OPTIONS=”–indirect-rendering –sm-disable –ignore-desktop-hints ccp –replace”
Also, For GMA X3000/3100/ 965 Chipset users, Find this section

# blacklist based on the pci ids
# See http://wiki.compiz-fusion.org/Hardware/Blacklist for details
T=” 1002:5954 1002:5854 1002:5955″ # ati rs480
T=”$T 1002:4153″ # ATI Rv350
T=”$T 8086:2982 8086:2992 8086:29a2 8086:2a02 8086:2a12″ # intel 965
BLACKLIST_PCIIDS=”$T”
unset T

And Change this to

# blacklist based on the pci ids
# See http://wiki.compiz-fusion.org/Hardware/Blacklist for details
T=” 1002:5954 1002:5854 1002:5955″ # ati rs480
T=”$T 1002:4153″ # ATI Rv350
# T=”$T 8086:2982 8086:2992 8086:29a2 8086:2a02 8086:2a12″ # intel 965
BLACKLIST_PCIIDS=”$T”
unset T

That’s about enough tweaking! To launch compiz-fusion, at the terminal type
compiz-manager

Configure/Install Compiz Fusion on openSUSE 10.3 for nVidia cards

First, you’ll have to download nVidia’s drivers. You can get it, via the 1-click install(for Legacy cards, click here) download the latest drivers from nvidia’s site and doing a manual install of the drivers.

Manual install of nVidia drivers

Pre-requisites:

compiler gcc,
program make and
package kernel-source

You can install these from openSUSE DVD. After these are installed,
Get the drivers from nvidia’s site and save it.
Open up the terminal, and su to root by typing su root
Switch to console mode by typing init 3
Switch directory to where the driver is downloaded and saved
cd /path/to/where/driver/is/saved
Run the installer script
sh NVIDIA-Linux----.run
Add the composite, render-accel and ARGB-GLX visuals to xorg.conf



nvidia-xconfig --composite

nvidia-xconfig --render-accel

nvidia-xconfig --add-argb-glx-visuals -d 24

Installing Compiz Fusion

For KDE users, here’s the 1-click installer
For GNOME users, Here’s the 1-click installer
Install Compiz Manager to autostart compiz: 1-click installer
Installation is done! Just run compiz by Clicking on the Compiz-Fusion Icon

Configure Gmail account on Linux

The first step is to configure your GMail account to enable POP access. Start a browser, log into your GMail account and click on the Settings link at the top of the page. On the settings page, click on Forwarding and POP. On the GMail forwarding and POP screen, make sure the POP download is enabled. Make selections to control whether email is also left on the GMail server and whether all existing email should also be downloaded, in addition to new messages.

Click on Save Changes to complete the configuration process.

To Receive GMail Messages

Enter pop.gmail.com as the Server and your full Gmail address as the username. Finally, change the Use Secure Connection drop down menu to SSL encryption. Check the Remember password check box if you do not want to re-enter the password each time you re-start Evolution:

Sending Gmail Messages

On the Sending Email screen, set the Server Type to SMTP. Enter smtp.gmail.com as the Server and your full Gmail address as the username. Finally, change the Use Secure Connection drop down menu to SSL encryption. Check the Remember password check box if you do not want to re-enter the password each time you re-start Evolution:

Installing the Apache Web Server on Ubuntu Linux

The standard web server on Linux is Apache. The web server is the technology that receives requests from web browsers and servers up the requested web pages to those browsers.

The desktop version of Ubuntu Linux does not install the Apache web server by default. The first step in setting up a web server, therefore, is to install Apache.

To install Apache from the command-line start a terminal window (Applications->Accessories->Terminal) and run the following command at the command prompt:

sudo apt-get install apache2

The installing process will not only install, but also start up the web server.

Testing the Web Server
Once the installation is complete the next step is to verify the web server is up and running. To do this fire up the web browser by clicking on the Firefox logo and enter 127.0.0.1/apache2-default in the address bar (127.0.0.1 is the loop-back network address which tells the system to connect to the local machine). The browser should load a page that reads It works!.

Congratulations, you have now installed the web server and served up what will hopefully be the first of many web pages.

Installing Firestarter on Ubuntu Linux

Installing Firestarter on Ubuntu Linux

Firestarter is not installed by default when Ubuntu Linux is first installed. The first step in using Firestarter, therefore, is to install it.

To install from the command line, begin by opening a terminal window by selecting the Applications menu and selecting Terminal from the Accessories menu. In the terminal window enter the following command and press enter to execute it:

sudo apt-get install firestarter

Enter your password when prompted to do so and wait while Firestarter is downloaded and installed.

Firestarter will now be listed in the System->Administration desktop menu. To launch Firestarter select this menu option. The first time Firestarter is run it will ask a number of questions about your network environment.

Small History of "Ubuntu"

The word "Ubuntu" is an ancient Zulu and Xhosa word which means "humanity to others". Ubuntu also means "I am what I am because of who we all are". It was chosen because these sentiments precisely describe the spirit of the Ubuntu Linux distribution.

Ubuntu is one of a number of Linux distributions. The source code that makes up the Ubuntu Linux distribution originates from Debian (so called because it was started by two people named Debra and Ian). Debian is still a widely respected operating system but came under criticism for infrequent updates and less than user friendly installation and maintenance.

A South African internet mogul (who made his fortune selling his company to VeriSign for around $500 million) decided it was time for a more user friendly Linux. He took the Debian distribution and worked to make it a more human friendly distribution which he called Ubuntu. He subsequently formed a company called Canonical Ltd to promote and provide support for Ubuntu Linux. In addition Shuttleworth has formed and funded (to the tune of $10 million) a foundation to guarantee the future of Ubuntu.

The rest, as they say, is history. Ubuntu has since gone from strength to strength. Dell now ship computers pre-loaded with Ubuntu Linux and Ubuntu usually tops the chart at DistroWatch.com (a web site which tracks the popularity of the various Linux distributions).

If you are new to Linux, or already use Linux and want to try a different Linux distro it is unlikely you will find a better option than Ubuntu Linux.

Beautiful Firefox wallpaper

Ubuntu Tweak

Ubuntu Tweak is a tool for Ubuntu that makes it easy to configure your system and desktop settings.

It provided many useful desktop and system options that the default desktop environment isn't provided.

Features of Ubuntu Tweak:

* View of Basic System Information(Distribution, Kernel, CPU, Memory, etc.)
* GNOME Session Control
* Auto Start Program Control
* Show/Hide and Change Splash screen
* Show/Hide desktop icons or Mounted Volumes
* Show/Hide/Rename Computer, Home, Trash icon or Network icon
* Tweak Metacity Window Manager’s Style and Behavior
* Compiz Fusion settings, Screen Edge Settings, Window Effects Settings, Menu Effect Settins
* GNOME Panel Settings
* Nautilus Settings
* Advanced Power Management Settings
* System Security Settings

Download here

Top 10 Linux Desktop Hurdles

Unlike the myths that are behind the prevention of Linux adoption, this piece will closely examine the indisputable obstacles and what will have to be done to overcome each of them.

In the past, many desktop Linux users have opted to simply point to the hardware industry or Microsoft as the root cause of a lack of mainstream adoption. In reality, there are actually core issues extending beyond hardware -- and competition from the proprietary markets -- that simply must be dealt with head on.

With that said, hardware compatibility and competition from closed-source vendors are valid issues, just not solid core excuses for the lack of mainstream interest.

Read More

The most dangerous Rootkit

Dubbed "Mebroot," the rootkit infects the master boot record (MBR), the first sector of a PC's hard drive that the computer looks to before loading the operating system. Since it loads before anything else, Mebroot is nearly invisible to security software.

"You can't execute any earlier than that," F-Secure's chief research officer, Mikko Hypponen, said.

Once a machine is infected, the hacker controlling the rootkit has complete control over the victim's machine, opening up the potential for a variety of other attacks.

For example, the hacker could try and download other malicious software to the machine to log a person's keystrokes and collect financial or personal data

It's still unknown how widespread Mebroot is. VeriSign's iDefense Intelligence Team has said 5,000 users were infected in separate attacks on Dec. 12 and Dec. 19

What is rootkit : The name for a kit of hacker utilities placed on a UNIX machine after a successful compromise. A typical rootkit includes: password sniffer log cleaners replacement binaries for common programs on the system (e.g. inetd) backdoor programs replacements to programs like ls and find so that they will not reveal the presence of the rootkit files. Key point: A rootkit contains many trojaned programs. These programs are used to allow the hacker entry back into the system and to hide the presence of the hacker

GNU/Linux Vs FreeBSD

GNU/Linux is the most popular operating system built with free/open source software. However, it is not the only one: FreeBSD is also becoming popular for its stability, robustness and security. In this article, I’ll take a look at their similarities and differences.

Read Complete Article here

Dell’s Ubuntu Linux PCs aren’t setting the world on fire

OK, so Dell’s desktop Linux PCs aren’t setting the world on fire. The PC giant has sold about 40,000 of the Ubuntu Linux PCs since introducing them at the end of July. That’s a run rate of about 8,000 per month. And one of those systems was sold to The VAR Guy. So what will Dell do next? End the Linux experiment based on slow sales? Guess again.

Instead of backing off its Ubuntu Linux commitment, Dell continues to see big promise in the technology. The company will likely certify its servers to run Ubuntu Linux. The VAR Guy first reported over the summer and again in October that Canonical — Ubuntu’s promoter — planned to make a small business server push sometime in late 2007 or 2008. Now, reports are circulating that Dell will jump on that bandwagon.

Smart move. There’s a void in the small business server market. Windows Small Business Server is too complex for some small businesses. And neither Red Hat nor Novell have effectively mobilized their businesses to fully unlock small business opportunities.

Canonical working with Dell provides a rather interesting market alternative. Plus, there are strong indications that Canonical’s small business server will involve LAMP (Linux, Apache, MySQL, PHP, etc.), the server stack that’s so freakin’ popular in large enterprises and universities.

Ref: Theregister

So ... you think you know Linux? Take a Quiz on History of Linux

So ... you think you know Linux, the operating system that is as much a product of evolution as invention? Prove it by taking this short History of Linux quiz. Your results are scored so you know just how much open source credibility you have. And in the unlikely event you make a mistake, they even tell you the right answer.

Quiz here.

I Scored 80 points out of 100 :), what's your score?

Encrypting files with OpenSSL

Need to Keep Secrets? Encrypt it.

To Encrypt:

$ openssl des3 -salt -in file.txt -out file.des3

The above will prompt for a password, or you can put it in
with a -k option, assuming you're on a trusted server.

To Decrypt

$ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword

Need to encrypt what you type? Enter the following, then start typing
and ^D to end.

$ openssl des3 -salt -out stuff.txt

HowTo Clean and Re-build Squid cache

First, Check you squid.conf file and locate the location of you cache directory, you should have line starting with "cache_dir"

1) Shutdown your squid server
squid -k shutdown

2) Remove the cache directory
rm -r /squid/cache/*

3) Re-Create the squid cache directory
squid -z

4) Start the squid

Create your personal YouTube

FlowPlayer is a Flash media player. You can use it on your HTML pages to play video files. “It is your personal YouTube”. It is highly customizable which upports all the features you’ll possibly need and these features can be configured the way you like. FlowPlayer’s skin is flexible and will smoothly melt into your site. Progressive downloading, solid streming, long play features, playlists, fullscreen mode and etc… Everything you’ll need to provide rich user experience. Flowplayer is licenced under the GPL license so it’s free too.

Download FlowPlayer here.

Boot Process Performance Visualization

Bootchart is a tool for performance analysis and visualization of the GNU/Linux boot process. Resource utilization and process information are collected during the boot process and are later rendered in a PNG, SVG or EPS encoded chart.

Bootchart provides a shell script to be run by the kernel in the init phase. The script will run in background and collect process information, CPU statistics and disk usage statistics from the /proc file system. The performance data are stored in memory and are written to disk once the boot process completes.

Run Linux on Windows seamlessly without virtualizers

andLinux is a complete Ubuntu Linux system running seamlessly in Windows 2000 based systems (2000, XP, 2003, Vista [32-bit only])

andLinux uses coLinux as its core which is confusing for many people. coLinux is a port of the Linux kernel to Windows. Although this technology is a bit like running Linux in a virtual machine, coLinux differs itself by being more of a merger of Windows and the Linux kernel and not an emulated PC, making it more efficient. Xming is used as X server and PulseAudio as sound server.

andLinux is not just for development and runs almost all Linux applications without modification.

Download andLinux from here.

Alternative Boot Loaders

If you do not wish to use a boot loader, you have several alternatives:

LOADLIN

You can load Linux from MS-DOS. Unfortunately, this requires a copy of the Linux kernel (and an initial RAM disk, if you have a SCSI adapter) to be available on an MS-DOS partition. The only way to accomplish this is to boot your Linux system using some other method (for example, from a boot CD-ROM) and then copy the kernel to an MS-DOS partition. LOADLIN is available from

ftp://metalab.unc.edu/pub/Linux/system/boot/dualboot/

and associated mirror sites.

SYSLINUX

SYSLINUX is an MS-DOS program very similar to LOADLIN. It is also available from

ftp://metalab.unc.edu/pub/Linux/system/boot/loaders/

and associated mirror sites.

Commercial boot loaders

You can load Linux using commercial boot loaders. For example, System Commander and Partition Magic are able to boot Linux (but still require GRUB to be installed in your Linux root partition).

Network Configuration Files in RedHat and Fedora

The primary network configuration files are as follows:

/etc/hosts

It can also be used to resolve hostnames on small networks with no DNS server. For more information, refer to the hosts man page.

/etc/resolv.conf

This file specifies the IP addresses of DNS servers and the search domain. For more information about this file, refer to the resolv.conf man page.

/etc/sysconfig/network

This file specifies routing and host information for all network interfaces.

/etc/sysconfig/network-scripts/ifcfg-

For each network interface, there is a corresponding interface configuration script. Each of these files provide information specific to a particular network interface.

HowTo Install GRUB

If GRUB was not installed during the installation process, it can be installed afterward. Once installed, it automatically becomes the default boot loader.

Before installing GRUB, make sure to use the latest GRUB package available or use the GRUB package from the installation CD-ROMs.

Once the GRUB package is installed, open a root shell prompt and run the command /sbin/grub-install , where is the location that the GRUB Stage 1 boot loader should be installed. For example, the following command installs GRUB to the MBR of the master IDE device on the primary IDE bus:

        /sbin/grub-install /dev/hda

The next time the system boots, the GRUB graphical boot loader menu appears before the kernel loads into memory.

HowTo get information about your filesystem?

At times, you need some information about your file system. There is a utility dumpe2fs which can give you number of information about Linux file system. For example, if you want status of bad blocks on a device containing Linux file system, run dumpe2fs with option –b. It will check for bad blocks and give you information about the bad blocks it finds in a dumped file. Dumpe2fs has various arguments and options and you can get the information you need about your file system for a quick diagnosis. For more information on dumpe2fs, see its man pages.

# dumpe2fs /dev/sda6 | more

Filesystem volume name: Root
Last mounted on:
Filesystem UUID: 85b12d68-aa77-4b03-83d1-63fecf66b276
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal resize_inode dir_index filetype needs_recovery sparse_super large_file
Filesystem flags: signed directory hash
Default mount options: (none)
Filesystem state: clean
Errors behavior: Continue
Filesystem OS type: Linux
Inode count: 2496960
Block count: 4992190
Reserved block count: 249609
Free blocks: 1705515
Free inodes: 2079363
First block: 0
Block size: 4096
Fragment size: 4096
Reserved GDT blocks: 1022
Blocks per group: 32768
Fragments per group: 32768
Inodes per group: 16320
Inode blocks per group: 510
Filesystem created: Sun Nov 4 15:53:20 2007
Last mount time: Fri Mar 7 01:29:50 2008
Last write time: Fri Mar 7 01:29:50 2008
Mount count: 10
Maximum mount count: 500
Last checked: Fri Feb 29 03:31:48 2008
Check interval: 5184000 (2 months)
Next check after: Tue Apr 29 03:31:48 2008
Reserved blocks uid: 0 (user root)
Reserved blocks gid: 0 (group root)
First inode: 11
Inode size: 128
Journal inode: 8
First orphan inode: 851245
Default directory hash: tea
Directory Hash Seed: 8c4179e2-9bfb-4d55-a046-ba92f1f2bf88
Journal backup: inode blocks
Journal size: 128M

Is Linus is the real author of LINUX?

“A couple of years ago this guy called Ken Brown wrote a book saying that Linus stole Linux from me… It later came out that Microsoft had paid him to do this…”

–Andrew S Tanenbaum, father on MINIX

The Alexis de Tocqueville Institution released a report based on a forthcoming book by Ken Brown, "Samizdat: And Other Issues Regarding the 'Source' Of Open Source Code", which challenges the claim that Linus Torvalds write Linux.

Linus responded in a LinuxWorld interview with his typical sense of humour: "Ok, I admit it. I was just a front-man for the real fathers of Linux, the Tooth Fairy and Santa Claus." He also added that he is relieved that he can return to his chosen profession: "the exploration of the fascinating mating dance of the common newt."

The story which broke the news about the report states that "Brown's account is based on extensive interviews with more than two dozen leading technologists including Richard Stallman, Dennis Ritchie, and Andrew Tanenbaum." Newsforge, however, carried a story stating that "The greater part of Brown's sources are personal Web pages of people who are not considered experts in the field of Unix, Linux, GNU, or other related subjects, home pages of people who are considered experts but were speaking generally about the subject of the history of Unix, and quotes taken grossly out of context from interviews that Brown did not conduct or take part in."

Andrew Tanenbaum, however, was directly interviewed by Ken Brown. As soon as news about the report broke, Tanenbaum wrote to Slashdot to provide a link to a page on his website which details what exactly went on in this interview.

In this page, Tanenbaum says that he quickly became suspicious of Brown and his motives. Brown, he says, was evasive about his reasons for the interview, and would not reveal who was providing his funding (though Wired have speculated that Microsoft are one of AdTI's main sponsors). He also found that Brown knew nothing about the history of Unix. Later in the interview, Brown came to his reason for being there, asking questions like "Didn't he steal pieces of MINIX without permission?" Though Tanenbaum tried to explain the actual influence that Minix had on Linux, the Newsforge story says that much of the report relies on claims that Linux contains stolen Minix code.

Tanenbaum later provided another page, with the results of a code comparison Alexey Toptygin conducted for Brown, comparing Minix and early versions of Linux. The results are pretty clear: there were only four similar sections of code, one based on the ANSI C standard, two based on POSIX, and the last in the code to access the minix filesystem - code which must be similar to work.

This fresh accusation, on top of those already laid by SCO, has caused Linus to adopt new measures before accepting code into Linux: the Developer's Certificate of Origin, which requires that each contributor state that they are entitled to contribute their code.

USB drivers going GPL-only in kernel 2.6.25

USB drivers for Linux will be GPL-only with the release of the upcoming kernel 2.6.25.. USB maintainer Greg Kroah-Hartman writes:

"Over two years ago, the Linux USB developers stated that they believed there was no way to create a USB kernel driver that was not under the GPL. This patch moves the USB apis to enforce that decision."

So, Just wait for 2.6.25 kernel release from kernel.org,
Apply the patch or compile the new one to have a full support for your USB systems.

HowTo Password Protect the GRUB

The main reason to password protect the GRUB boot loder is to Prevent Access to Single User Mode — If attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password.

To do this, open a shell prompt, log in as root, and type:

/sbin/grub-md5-crypt

When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.

Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:

password --md5

Replace with the value returned by /sbin/grub-md5-crypt

HowTo get the firstboot screen again in Fedora/RedHat

The first time the system boots, the /sbin/init program calls the /etc/rc.d/init.d/firstboot script, which in turn launches the Setup Agent. This application allows the user to install the latest updates as well as additional applications.

The /etc/sysconfig/firstboot file tells the Setup Agent application not to run on subsequent reboots. To run it the next time the system boots, remove /etc/sysconfig/firstboot and execute

chkconfig --level 5 firstboot on.

HowTo Verifying Signature of RPM Packages

To check the GnuPG signature of an RPM file after importing the builder's GnuPG key, use the following command (replace with the filename of the RPM package):

rpm -K

If all goes well, the following message is displayed: md5 gpg OK. This means that the signature of the package has been verified, and that it is not corrupt.

HowTo Resize a Partition

Before resizing a partition, boot into rescue mode. Read this for booting into rescue mode.

Start parted, where /dev/sda is the device on which to resize the partition:

parted /dev/sda

View the current partition table to determine the minor number of the partition to resize as well as the start and end points for the partition:

print

To resize the partition, use the resize command followed by the minor number for the partition, the starting place in megabytes, and the end place in megabytes. For example:

resize 3 1024 2048

After resizing the partition, use the print command to confirm that the partition has been resized correctly, is the correct partition type, and is the correct file system type.

After rebooting the system into normal mode, use the command df to make sure the partition was mounted and is recognized with the new size.

HowTo execute the program during Linux startup

The /etc/rc.d/rc.local script is executed by the init command at boot time or when changing runlevels. Adding commands to the bottom of this script is an easy way to perform necessary tasks like starting special services or initialize devices without writing complex initialization scripts in the /etc/rc.d/init.d/ directory and creating symbolic links.

HowTo boot the system into Resuce/Single-User or Emergency Mode

Booting into Rescue Mode

Rescue mode provides the ability to boot a small Linux environment entirely from CD-ROM, or some other boot method, instead of the system's hard drive.

As the name implies, rescue mode is provided to rescue you from something. During normal operation, your Linux system uses files located on your system's hard drive to do everything — run programs, store your files, and more.

Once you have booted using bootable disk, add the keyword rescue as a kernel parameter.

linux rescue

Booting into Single-User Mode

One of the advantages of single-user mode is that you do not need a boot CD-ROM; however, it does not give you the option to mount the file systems as read-only or not mount them at all.

In single-user mode, your computer boots to runlevel 1. Your local file systems are mounted, but your network is not activated.

use the following steps to boot into single-user mode:

1.At the GRUB splash screen at boot time, press any key to enter the GRUB interactive menu.
2.Select Linux with the version of the kernel that you wish to boot and type a to append the line.
3.Go to the end of the line and type single as a separate word (press the Spacebar and then type single). Press Enter to exit edit mode.

Emergency Mode

In emergency mode, you are booted into the most minimal environment possible. The root file system is mounted read-only and almost nothing is set up. The main advantage of emergency mode over single-user mode is that the init files are not loaded. If init is corrupted or not working, you can still mount file systems to recover data that could be lost during a re-installation.

To boot into emergency mode, use the same method as described for single-user mode, with one exception, replace the keyword single with the keyword emergency.

Reference: Here

HowTo make Installation Boot CD-ROM (RedHat)

isolinux is used for booting the Red Hat. To create your own CD-ROM to boot the installation program, use the following instructions:

Copy the isolinux/ directory from the Red Hat Enterprise Linux DVD or CD #1 into a temporary directory

cp -r /isolinux/

Change directories to the directory you have created:

cd

Make sure the files you have copied have appropriate permissions:

chmod u+w isolinux/*

Finally, issue the following command to create the ISO image file:

mkisofs -o file.iso -b isolinux.bin -c boot.cat -no-emul-boot \ -boot-load-size 4 -boot-info-table -R -J -v -T isolinux/

Burn the resulting ISO image (named file.iso and located in ) to a CD-ROM as you normally would.

Limiting large requests in apache

Apache has several directives that allow you to limit the size of a request, this can also be useful for mitigating the effects of a denial of service attack.

A good place to start is the LimitRequestBody directive. This directive is set to unlimited by default. If you are allowing file uploads of no larger than 1MB, you could set this setting to something like:

LimitRequestBody 1048576

If you're not allowing file uploads you can set it even smaller.

Some other directives to look at are LimitRequestFields, LimitRequestFieldSize and LimitRequestLine. These directives are set to a reasonable defaults for most servers, but you may want to tweak them to best fit your needs. See the documentation for more info.

Process Accounting HowTo

Process Accounting is used for

1. Keeps track of user processes.
2. Originally intended as a way to keep track of resources in order to bill departments/users for their usage.
3. Packages

psacct

Turning On/Off

1. Enabling - Use accton command and specify the file for storing the accounting information.

/sbin/accton /var/log/pacct

2. Disabling - Use accton command without specifying a file.

/sbin/accton

Viewing Information

1. ac - The 'ac' command is used to print out a report of connection times.

Examples:

ac # Print total connection time.
ac -dp # Give daily (-d) connection totals by person (-p)
ac --complain # Print out any problems in wtmp file (time-warps, missing records, etc.)

2. sa - The 'sa' command is used to summarize accounting information.

Examples:

sa # Print information about all commands in the process accounting file
sa -u # Print command information by user

3. lastcomm - Displays which commands have been executed.

Examples:

lastcomm # Display all commands executed on system
lastcomm rm # Display information about all invocations of the 'rm' command

Relative vs. Absolute Pathnames

Commands can be given file name arguments in two ways. If you are in the same directory as the file (i.e., the file is in the current directory), then you can just enter the file name on its own (e.g., cp my_file new_file). Otherwise, you can enter the full path name, like cp /home/jack/my_file /home/jack/new_file.

Very often administrators use the notation ./my_file to be clear about the distinction, for instance, cp ./my_file ./new_file. The leading ./ makes it clear that both files are relative to the current directory. File names not starting with a / are called relative path names, and otherwise, absolute path names.

mkswap, swapon, and swapoff

The mkswap command formats a partition to be used as a swap device. For our disk,

mkswap -c /dev/hda5

-c has the same meaning to check for bad blocks.

Once the partition is formatted, the kernel can be signalled to use that partition as a swap partition with

swapon /dev/hda5

and to stop usage,

swapoff /dev/hda5

You Can have as many of them as you like. You can swapon many different partitions simultaneously.

Duplicating a disk

If you have two IDE drives that are of identical size, and provided that you are sure they contain no bad sectors and provided neither are mounted, you can run

dd if=/dev/hdc of=/dev/hdd

to copy the entire disk and avoid having to install an operating system from scratch. It doesn't matter what is on the original (Windows, LINUX, or whatever) since each sector is identically duplicated; the new system will work perfectly.

HowTo Use GPG

1. Key Generation

gpg # Initialize GPG for this user (e.g. create ~/.gnupg). Only have to run once.
gpg --gen-key # Start key generation process. Follow prompts.

2. Viewing Keys

gpg --list-keys # View public keys
gpg --list-secret-keys # View private keys

3. Exporting Public Keys

gpg --export # Exports key in binary format
gpg --export --armor # Export in a usable, ASCII format

4. Importing Public Keys

gpg --import /path/to/public/key/file

5. Encrypting a Message

gpg --encrypt --armor --recipient message_file # Creates encrypted message in an ASCII format

6. Decrypting a Message

gpg encrypted_message_file

You will be prompted for the filename to use for the output of the decryption process.
7. Encrypting with a Symmetric Key

gpg --symmetric --armor message_file

8. Signing and Encrypting a Message

gpg --sign --encrypt --armor --recipient message_file

9. Creating a Detached Signature

gpg --detach-sign --armor message_file # Sender
gpg --verify message_file.asc message_file # Recipient

10. Signing Another's Public Key

A is going to sign B's key.

# First, A must do:
gpg --sign-key B
gpg --export --armor B > B.key

# Then, B must do:
gpg --import B.key

Manual install of nVidia drivers

Installing Compiz Fusion

Last 30 days Popular Posts

Blog Archive