Some useful linux/solaris cmds:

curl -I "website" -> displays the HTTP response headers for the index page

curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//' > myip.txt

curl -s http://whatismyip.org > myip.txt

curl -o <file> "website" -> write index page to <file> (-O, capital, would instead save it under the remote file name)

Curl can be used with ftp…

dig [@DNS server] -x IP address -> gives name for IP address

whois -h whois.geektools.com {domainname} -> use a good whois server

To clear DNS cache: service nscd restart

make sure nscd is running, restart named also

To see DNS cache stats: nscd -g (the nscd binary itself; the init script does not take -g)

lsof

netstat -aplunt -> all sockets, with the owning process (-p), listening, UDP, numeric, TCP; netstat -plut shows the same with names resolved instead of numbers

tcpdump host 205.152.56.182 and udp port 53 -> linux syntax

snoop host <hostname> -> solaris syntax

wget --help -> web get over port 80

pgrep "pattern" -> look for running processes whose name matches "pattern" (prints their PIDs)

lspci [-s] [-v] -> linux lists pci cards

lsusb [-s] [-v] -> lists USB devices

cipher /w:"directory" -> windows XP secure wipe of free space

hdparm -I /dev/cdrom -> linux disk parameters

hdparm /dev/sda -> list disk parameters

alternatives -> linux default program selection, e.g. which java is the default

ip {link|route|address|neighbor} {show|list} -> linux

/sbin/ethtool eth0 -> info about Ethernet port 0

ssh -X IP address -> sets up ssh for X; simply start the app, no DISPLAY setting needed.

ping -f -i 2 497shilohdyndns.org -> flood mode prints a period for each request and backspaces over it when the reply arrives; the "dots" left behind are missed pings

rm -Rf -> remove directory recursively

slocate "string" -> uses a DB to find files named "string" -> "updatedb" will update the DB

cd - -> cd to the previous directory and print it (like a "pwd"); a bare "cd" goes to the home directory

man -k "term to search for in manual pages"

man 5 "name" -> section 5 of the manual is file formats

wget -r -k -p -w 2 -np http://website.com -> mirrors the whole site into a directory named after the host (-r recurse, -k convert links for local viewing, -p page requisites, -w 2 wait 2 s between requests, -np never ascend to the parent)

rsync -> use to backup files

ps aux | grep -v `whoami` -> check processes not run by you (without -v you get the ones that ARE yours)

reset -> fix a wonky terminal window

chattr +a filename -> set "append" on filename: it can only be appended to, not overwritten (nor deleted I presume); needs ext2 or ext3

iwconfig

iwlist

lastlog to look at login history

“w” and “who” to see login info

su to a user's directory and read the ".bash_history" to see cmd history

cfdisk, then mkfs, then mount to create file systems

Using grub subcommands:

grub> root (hd0,1) <- identifies the boot partition

grub> setup (hd0) <- writes the bootloader to the MBR

grub-install /dev/sda <- run from a shell (e.g. a live CD), not the grub> prompt; writes the grub bootloader to the MBR and assumes grub.conf exists

grub> help

/boot/grub/grub.conf contains boot info

Linux gnome Network Manager:

/etc/init.d/NetworkManager stop

/sbin/chkconfig --level 35 NetworkManager off

"zip -r outputfilename *" to zip a directory, including subdirectories; will produce "outputfilename.zip"


Some Solaris 10 cmds:

who -r shows runlevel

pkginfo |grep something

prstat

prtconf

svcadm [restart,start,stop] network/[smtp,inetd,physical]

svccfg and then "list" lists all services

/etc/vfstab is file which specifies mounts at boot; /etc/mnttab is what is mounted...

"smc &" starts mgmt console (equivalent of admintool prior sol 10)

/etc/release shows release

/dev: logical devices; /devices: physical devices

to setup ntp:

edit /etc/inet/ntp.conf

server 222.1.1.56

driftfile /etc/inet/ntp.drift

statsdir /var/ntp

svcadm enable network/ntp

/etc/default/login: edit to enable root at non console

/etc/ssh/sshd_config: edit to allow root via ssh


1) To allow root to login via telnet

vi /etc/default/login # comment out CONSOLE=/dev/console


2) To make backspace key work

vi /etc/profile add line

stty erase "^H" kill "^U" intr "^C" eof "^D"

3) To add lan (old sun boxes)

hme0 is the motherboard port; hme1 is the PCI port when there is a single port; qfe0,1,2,3 for a qfe Ethernet card; eri for 880/890


ifconfig hme0 plumb

vi /etc/hostname.hme0 and put in the hostname for this port

/etc/hostname.hme1 also needs entry if hme1 is present


vi /etc/netmasks add entry ip and netmask

222.1.1.0 255.255.255.0

90.30.212.0 255.255.252.0


vi /etc/hosts add ip and hostname FOR EACH device hme0, hme1


ifconfig hme0 inet (ip addr) netmask + broadcast + up


add any routes needed


4) Use of format to create a disk partition and file system (sun)


format (this will list the disks present--pick one)

c0t0d0 disk 0 controller 0, target 0, disk 0

c0t1d0 disk 1 normally – controller 0, target 1, disk 0

c0t0d0s0 through c0t0d0s7: slices s0-s7, 8 possible partitions per disk


gives prompt of format> (enter p for partition)

gives prompt of partition> (enter p to print layout)

partition> pick slice

answer questions name opt or alternative

permission wm

starting cylinder next available

size (examples printed)

partition>label (writes vtoc to disk)

partition> q

format> q

newfs /dev/rdsk/c0t0d0sX (X is the slice, i.e. partition, number on the disk)

vi /etc/vfstab and add entry for mounting. – copy other entries


make sure there is a mount point.

cd / ; mkdir /Shasta ; mkdir backup

To mount manually: mount /dev/dsk/c0t0d1s0 /Shasta e.g.


4a) Adding a disk to Linux

add the disk physically, being careful to select a proper SCSI ID (if SCSI). IDE can probably be default cable select (CS)


upon bootup, make sure the BIOS sees disk. If SCSI, exit to SCSI setup routine to check disk.


On boot, check to make sure the disk is there via "cat /proc/partitions"

Use fdisk to delete existing partitions and create one or more new ones.

Use "mkfs -t ext2 /dev/sdb1" for example to make a file system on the disk partition. This is equivalent to formatting in windows.


Create mount points in /mnt, such as "sdb1", "sdb2", etc. as convenient points to mount the new disk drive via "mount -t ext2 /dev/sdb1 /mnt/sdb1"

5) To get lots of useful stuff


/usr/platform/`uname -i`/sbin/prtdiag -v



6) TO ENABLE NTP client on Solaris box in S&T:

???? I see files in /etc/inet/ntp.client

copy /etc/inet/ntp.client to ntp.conf

edit ntp.conf to add "server 90.30.213.2" (erase the multicastclient line)

cd /etc/init.d and “./xntpd start”

/usr/sbin/ntptrace will trace chain of ntp servers..

/etc/rc2.d/S74xntpd will detect the existence of ntp.conf and start xntpd on bootup.


6b To enable ntp on Linux FC

"ntpq -c peers" will list ntp peers and details

"remote" is the peer this machine talks to. "refid" is the reference ID, i.e. the source that the remote machine is itself synced to.


On 222.1.1.56 (ntp server):


[root@ns1 etc]# /usr/sbin/ntpq -c peers
remote refid st t when poll reach delay offset jitter
==============================================================================
ns0.clan .INIT. 16 u - 1024 0 0.000 0.000 4000.00
*snt0.snt.bst.bl 90.152.76.68 4 u 116 128 377 0.292 19.051 11.617
+snt0-1.snt.bst. 90.152.76.68 4 u 61 128 377 0.260 19.283 9.779
LOCAL(0) 73.78.73.84 5 l 35 64 377 0.000 0.000 0.001
ns0.clan 90.30.213.2 5 u 59 128 267 0.211 -16.839 9.348


on 222.1.1.119

[jdloop@CLANFedora-119 ~]$ /usr/sbin/ntpq -c peers
remote refid st t when poll reach delay offset jitter
==============================================================================
*ns0.clan 90.30.213.2 5 u 2 64 7 0.708 -28.978 2.355


"*" marks the system peer, i.e. the source this machine is currently synced to. "reach" is an octal shift register of the last 8 polls, so 377 means all 8 answered.
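As an added example, not part of these notes: a Python parser for the "ntpq -c peers" listings above that picks out the system peer ("*") and flags peers that were never reached, have gaps in the reach register, or are offset by more than a threshold (the 100 ms threshold is an assumption). The two sample listings are constructed by re-typing the ones shown above.

```python
from dataclasses import dataclass
from typing import List, Optional

# Tally code in the first column of "ntpq -c peers":
# "*" system peer (the source this host is synced to), "+" candidate, "-" outlier,
# "x" falseticker, "#" backup, "." excess, " " discarded.
TALLY_CODES = "*+-x#.o"


@dataclass
class Peer:
    tally: str
    remote: str
    refid: str
    stratum: int
    ptype: str            # u = unicast, l = local clock, b = broadcast
    when: Optional[int]   # seconds since the last packet, None if never ("-")
    poll: int
    reach: int            # 8-bit shift register; the column is printed in octal
    delay: float
    offset: float         # milliseconds, sign shows which way the local clock is off
    jitter: float


def _parse_when(token: str) -> Optional[int]:
    """'-' means no packet yet; long intervals carry an m/h/d suffix."""
    if token == "-":
        return None
    units = {"m": 60, "h": 3600, "d": 86400}
    if token[-1] in units:
        return int(token[:-1]) * units[token[-1]]
    return int(token)


def parse_peers(text: str) -> List[Peer]:
    """Parse 'ntpq -c peers' output, skipping the header and the rule of '=' signs."""
    peers: List[Peer] = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("remote") or stripped.startswith("="):
            continue
        tally = " "
        if line[0] in TALLY_CODES:
            tally, line = line[0], line[1:]
        fields = line.split()
        if len(fields) != 10:
            continue  # not a peer row
        remote, refid, st, t, when, poll, reach, delay, offset, jitter = fields
        peers.append(Peer(tally, remote, refid, int(st), t, _parse_when(when), int(poll),
                          int(reach, 8), float(delay), float(offset), float(jitter)))
    return peers


def system_peer(peers: List[Peer]) -> Optional[str]:
    """The remote marked '*', i.e. the source the local clock follows, or None."""
    for p in peers:
        if p.tally == "*":
            return p.remote
    return None


def check_sync(peers: List[Peer], max_offset_ms: float = 100.0) -> List[str]:
    """Conditions worth alerting on: no system peer, a peer never reached
    (.INIT. / stratum 16), missed polls in the reach register, or a large offset.
    An unsynced clock makes log correlation and certificate validity checks unreliable."""
    problems: List[str] = []
    if system_peer(peers) is None:
        problems.append("no system peer selected (no '*' row)")
    for p in peers:
        if p.stratum == 16 or p.refid == ".INIT.":
            problems.append(f"{p.remote}: never reached (stratum 16 / .INIT.)")
        elif p.reach != 0o377:
            problems.append(f"{p.remote}: reach {p.reach:o} octal, recent polls missed")
        if abs(p.offset) > max_offset_ms:
            problems.append(f"{p.remote}: offset {p.offset} ms exceeds {max_offset_ms} ms")
    return problems


# Constructed samples, re-typed from the two listings in these notes.
NS1_PEERS = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ns0.clan        .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
*snt0.snt.bst.bl 90.152.76.68     4 u  116  128  377    0.292   19.051  11.617
+snt0-1.snt.bst. 90.152.76.68     4 u   61  128  377    0.260   19.283   9.779
 LOCAL(0)        73.78.73.84      5 l   35   64  377    0.000    0.000   0.001
 ns0.clan        90.30.213.2      5 u   59  128  267    0.211  -16.839   9.348
"""

FEDORA_PEERS = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ns0.clan        90.30.213.2      5 u    2   64    7    0.708  -28.978   2.355
"""

if __name__ == "__main__":
    for host, listing in (("ns1", NS1_PEERS), ("CLANFedora-119", FEDORA_PEERS)):
        peers = parse_peers(listing)
        print(host, "system peer:", system_peer(peers))
        for problem in check_sync(peers):
            print("   ", problem)
```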


Sample /etc/ntp.conf file:


restrict default nomodify notrap noquery
restrict 127.0.0.1

# --- OUR TIMESERVERS -----
server 222.1.1.56      # on all machines except 222.1.1.56
server 90.30.213.2     # on the 222.1.1.56 machine
server 90.34.5.2
#
fudge 127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift
broadcastdelay 0.008

keys /etc/ntp/keys
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict clock.redhat.com mask 255.255.255.255 nomodify notrap noquery


7) FOR FUNKRADIUS STUFF on 222.1.1.134:


download sbr_sol_all_471.tar into /opt/funkradius directory

tar xvf *.tar and run "sh ./install.sh -all" as root

Answer lots of questions – service provider edition, license

This will create several directories, radius, radadmin


Now you can run "sh ./install.sh -config"

Start radius via "/etc/rc2.d/S90radius start"


to run client on same box as server, open browser to “file:/path…/radadmin/java/default.htm”

to run the java client on an external box, copy the entire directory /opt/funkradius/radadmin/java to the box, double-click on index.htm, and allow the java applet. Username is admin, password is radius (funkradius?) [There may be a "javadirectory.tar"; just copy the tar, unzip and double-click on index.htm]

The funkradius secret is “funkradius”

Funkradius server: /etc/rc2.d/S90radius start|stop

Funkradius SNMP stuff: /etc/init.d/init.funksnmpd stop|start

To uninstall, run "install.sh -unconfig"


To enable debugging on radius, enter "2" in the logging level in "radius.ini"; the debug output will show up in the .log file


The log file is in /opt/funkradius/radius/20060804.log e.g. – dated filename


8) FOR INSTALLING OpenSSH on a solaris box: TEMPORARY 7-9-2004 Thanks to Dick Junkins

Unfortunately in the following procedure, the ssh server gets installed as well. As near as we can tell, we can do the full install and then configure solaris NOT to run sshd on startup.

FTP 3 files from 222.1.1.51 FTP server – OpenSSH directory. These can be put in your home directory.

Create an “/etc/passwd” entry: Is the userID OK?? - 105

sshd:x:105:105:sshd privesep:/var/empty:/bin/false

Create a shadow entry as well:

sshd:NOLOGON:::::::

Create a PATH in the globalprofile: You may just have to make sure these are IN the path!

MANPATH=/usr/share/man:/usr/local/man

Run install shell: ./solaris_install.sh

Go to /etc/rc2.d, find S89sshd, mv to oldS89sshd ??? We are trying to keep sshd from starting on bootup.


To install the ssh client on a Windows machine:


FTP putty-0.54-installer.exe from 222.1.1.51/WindowsSSH


Execute this prog to install ssh client


Start putty, enter 222.1.1.55 [or eventually 222.1.1.101] - it will ask you to accept key from ssh server the first time. You MUST have a login on 222.1.1.55. ASK me to create one.


9) To Disable routing between multiple interfaces on the same solaris box:


Solaris: ndd -set /dev/ip ip_forwarding 0


To check to see if routing is running on the box: ??


ndd -get /dev/ip ip_forwarding


To see if routing protocols are running:

ps -elf | grep routed

ps -elf | grep gated


Linux: sysctl -w net.ipv4.ip_forward=0 (equivalently "echo 0 > /proc/sys/net/ipv4/ip_forward"); to make it stick across reboots put "net.ipv4.ip_forward = 0" in /etc/sysctl.conf. A value of 1 turns forwarding on.


10) To Add DNS client capabilities on Linux/Solaris


Make sure machine has a fully qualified hostname, e.g. windowspc.clan or “server.sntlabs.com” to be included in our actual domain (must then add name to DNS db.sntlabs.com)

Make sure /etc/resolv.conf has the lines "search hosts" and "search clan"


For statically assigned IP addresses, must assign domain name. For DHCP addresses, the DHCP server passes out the domain name.


11) To add DNS client capabilities on Windows machines.


For DHCP machines, the domain will be assigned via DHCP.

For static machines, assign the domain name via TCP/IP properties, Advanced -> DNS, and then add an entry to "append these DNS suffixes": clan. Not sure why this seems to be the only combination that works!!


12) To enable DNS server capabilities


named.conf must point to root directory where db files are contained.

Linux: /etc/named.conf: these are the zones that it is responsible for. Linux will set up a "localdomain" zone, and the name of the machine will resolve to machine.localdomain.

/var/named/chroot/var/named: zone files: Each of the zones listed in named.conf are detailed here. Add MX and NS stuff to the localdomain zone.


DNS testing: www.dnsreports.com www.squish.net/dnscheck


To ADD new domains that the DNS server is to be responsible for, just add the zone, and the reverse zone to the named.conf. Then create the zone files in /var/named/chroot/var/named directory.


13) to add users at cmd line

useradd -d /home/newuser -m newuser

then issue "passwd newuser" to create the password for "newuser"


To enable the desktop, you must go into the xstartup directory and uncomment two lines noted..


14) To use freeradius on Fedora Core


stop radiusd via /etc/init.d/radiusd stop


ex /etc/raddb/clients to add BRAS clients

ex /etc/raddb/users to add users


invoke radiusd via "/usr/sbin/radiusd -xxyz -l stdout" for debugging capabilities; otherwise, just go to /etc/init.d and "./radiusd start"


radwho

radtest user passwd localhost 0 testing123


15) To disable password aging:

edit /etc/default/passwd to be:

#ident "@(#)passwd.dfl 1.3 92/07/14 SMI"

MAXWEEKS=

MINWEEKS=

PASSLENGTH=6


Issue the following command for all users, including root:

passwd -x -1 jdloop (e.g.)


16) Setting up the Linux SENDMAIL and POP3 server (dovecot)

??? Check to make sure the POP3/imap server ("dovecot") is running; turn it on and save the setting if need be. Users on PCs external to the mail server will need a POP email client to retrieve email from the mail server.


This site contains the best notes I found!

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers#A_General_Guide_To_Using_The_sendmail.mc_File


For sendmail:

Make sure /etc/hosts has FQDN of host:

127.0.0.1 mail.sntlabs.com localhost.localdomain localhost

Make sure /etc/resolv.conf has "domain sntlabs.com" and "nameserver 205.152.56.182"


If you only want to SEND mail, then there is usually nothing you have to do. If your domain (such as "clan" or "loop") is bogus, then the mail server you are connecting to may elect to reject based on a nonexistent domain. But it may not! Send it to a mail server, such as mail.sntlabs.com, which you CONTROL, and add to the access file "accept clan"


If you want to accept mail for delivery as well, then the situation is more complicated…


Be root. Edit sendmail.mc.

-If you MUST use a relay, change the relay smarthost to "mail.bellsouth.net" OR "mail.sntlabs.com"

-If you do NOT have to use a relay, just leave this commented out. The mail server will connect directly to the foreign mail server once it finds that server's MX entry in DNS.

A relay may be required if your ISP does NOT allow you to connect to the smtp port on any ISP other than your own. In this case, you must relay thru your own ISP.

-The best way to test is to try "telnet gateway1.att.net smtp" e.g., or ANY foreign email server, depending where you are. You will actually be talking to the mail server if this works. If it works, then you do NOT need to relay thru your ISP smtp server; you can connect DIRECTLY to the endpoint SMTP server.

-Change the MASQUERADE_AS and MASQUERADE_DOMAIN to your domain, e.g. sntlabs.com

Watch out: if you change MASQUERADE_AS to sntlabs.com, and your machine resolves to an sntlabs.com address because it is NAT'd behind an sntlabs.com address, the mail will be delivered to this machine.

-Comment out the DAEMON_OPTIONS line via "dnl #" to allow sendmail to listen on all interfaces. If you do not do this, you will ONLY be able to send mail from the box, since sendmail will only listen on 127.0.0.1.

-Change the domain in LOCAL_DOMAIN to sntlabs.com

Install the sendmail-cf package by running "yum install sendmail-cf"

This is installed in /usr/share/sendmail-cf (for some reason).

QUOTE: "If you need to change your sendmail configuration file sendmail.cf (via changing sendmail.mc), you need to install the sendmail-cf package."

Apparently, fedora ships with a simple sendmail.mc/sendmail.cf which works for sending/receiving mail ON the host. It did NOT come with sendmail-cf package!


Stop sendmail via /etc/init.d/sendmail stop

Now do a "make -C /etc/mail". sendmail.cf should be generated from the changed sendmail.mc file. Check the dates on the files to verify.

Start sendmail via "/sbin/service sendmail start"


Now we need to modify the access list to let the sendmail box accept SMTP connections from the sntlabs.com address spaces.

For the “access” file:

Remember that the mail server will act as a RELAY if you want an email client on a PC to send mail to domains other than the machine's local sntlabs.com. So you must enable RELAYing of some sort. Anybody can SEND mail to sntlabs.com, because that is NOT a RELAY function. So beware of spam once they pick up usernames on sntlabs.com.

-edit the "access" file to add the sntlabs.com domain to relay. See NOTE below. The problem is that spammers can fake the FROM as "user@sntlabs.com" and I will relay.

-edit the "access" file to add the subnets you will allow, such as "216.77.106.0/24", "205.152.56.0/24" etc. This may be necessary since these PCs do not "appear" in the sntlabs.com domain. NOTE: see note below. I think the correct syntax is "205.152.56" e.g.

As long as the IP address has a reverse DNS entry, the mail server will RELAY.

As of 9-10-06 I now have "sntlabs.com ACCEPT" and "sntlab.bls.com REJECT" in the access file. "sntlab.bls.com" is the old domain of wrenn.

216.77.106.0/24

68.153.4.0/24

68.153.78.0/24

68.153.79.0/24

70.158.190.0/24

205.152.56.0/24

This will all give dsl[1,2,3,4,5,6]-xxx-sntlab.bls.com [or dsl[1,2,3,4,5,6]-xxx-sntlabs.com once domain move is accomplished], and will allow any email client setup in our subnets to use the mail server.

NOTE: 8-30-06: reverse stuff fixed, sntlab.bls.com removed…

NOTE: 12-1-06: above networks added to "access"

NOTE: 12-5-06: had to add "sntlabs.com" back into the access file.

Rerun the "make -C /etc/mail" to create the new access.db file. Stop and restart sendmail as before.

NOTE: 12-5-06: turn OFF FEATURE(`relay_based_on_MX') by adding dnl in front. In the access file, just list networks in the correct syntax, 205.152.56 e.g.
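A simplified model of how the access map is consulted for the connecting client, written as an added example for these notes (it is not sendmail's code and models only the client side, not the To: checks): IP keys are matched by stripping trailing octets and host keys by stripping leading labels, which is why "205.152.56" matches and "205.152.56.0/24" never does without FEATURE(`cidrexpand'). The entries are constructed from the networks listed above; untagged keys and no cidrexpand are assumed.

```python
from typing import Dict, Optional

# Constructed access-file contents, modelled on the entries these notes describe.
# The last line is deliberately in CIDR form: a plain access map never matches it,
# because sendmail looks IP keys up by stripping trailing octets, not by netmask.
ACCESS_TEXT = """
# sendmail access file (constructed sample for this example)
localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY
sntlabs.com             RELAY
sntlab.bls.com          REJECT
205.152.56              RELAY
216.77.106              RELAY
68.153.4                RELAY
205.152.56.0/24         RELAY
"""


def parse_access(text: str) -> Dict[str, str]:
    """One 'key value' pair per line; '#' starts a comment; keys are case-folded."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1].strip().upper()
    return table


def lookup_ip(table: Dict[str, str], ip: str) -> Optional[str]:
    """Longest dotted prefix wins: 205.152.56.7 -> 205.152.56 -> 205.152 -> 205."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        hit = table.get(".".join(octets[:n]))
        if hit is not None:
            return hit
    return None


def lookup_host(table: Dict[str, str], host: Optional[str]) -> Optional[str]:
    """Most specific suffix wins: dsl2-216.sntlab.bls.com -> sntlab.bls.com -> bls.com -> com."""
    if not host:
        return None
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        hit = table.get(".".join(labels[i:]))
        if hit is not None:
            return hit
    return None


def cidr_to_prefix(cidr: str) -> str:
    """Rewrite an octet-aligned CIDR (/8, /16, /24) as the dotted-prefix key a plain
    access map understands. Other lengths need FEATURE(`cidrexpand') in sendmail.mc."""
    net, _, bits = cidr.partition("/")
    length = int(bits)
    if length not in (8, 16, 24):
        raise ValueError(f"{cidr}: prefix length is not octet-aligned")
    return ".".join(net.split(".")[: length // 8])


def may_relay(table: Dict[str, str], client_ip: str, client_host: Optional[str] = None) -> bool:
    """Relay decision tied to the CONNECTION: the source IP, then its resolved name.
    The MAIL FROM domain is deliberately not consulted; it is chosen by the sender,
    which is the spoofing problem the notes describe with a bare 'sntlabs.com RELAY'."""
    for verdict in (lookup_ip(table, client_ip), lookup_host(table, client_host)):
        if verdict == "REJECT":
            return False
        if verdict == "RELAY":
            return True
    return False


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    for ip, host in (("205.152.56.77", None), ("198.51.100.9", "dsl2-216.sntlab.bls.com"),
                     ("198.51.100.9", "mx.example.net")):
        print(ip, host, "->", "RELAY" if may_relay(table, ip, host) else "no relay")
    print(cidr_to_prefix("205.152.56.0/24"))   # 205.152.56
```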


In the local-host-names file, add "sntlabs.com" or the domain you will accept mail for. This means this mail server "accepts responsibility" for these names. Not really sure what this means yet.

NOTE: 12-8-06: I removed sntlabs.com from this file.


In virtusertable file are users which are on this mail server. This file tells sendmail what to do with this mail when received and addressed to these users.


6-7-2007: added sntlabs.com and clan to local-host-names file. Tells sendmail which domains it accepts mail for. Not sure how useful this is.

6-7-2007: enabled "RELAY based on MX", i.e. only relay mail if I am the MX for this IP.


MAIL RELAY TESTING: http://www.abuse.net/cgi-bin/relaytest

Use "sendmail -v jdloop@bellsouth.net" to see the complete SMTP exchange between servers.


To use the procmailrc:

To block mail to root (the recipe below discards anything whose From: header does not contain an sntlabs.com address), e.g. create a .procmailrc file in the /root directory:

:0
* ? formail -x"From:" | grep -iv '@.*sntlabs\.com'
/dev/null



16A) Setting up a Linux box to use sendmail as a “client”


It is safe to use sendmail on an Internet connected box for SENDING mail, because the default sendmail only LISTENs on 127.0.0.1. Thus any user ON the box can SEND mail to an outside user. Can use this for cron email and the like. Just change the smarthost as shown below. If you don't need to send mail OUTSIDE the box, then the default sendmail config will work just fine, sending mail to users ON the box.


- make sure sendmail is installed: "yum install sendmail"

- make sure the sendmail-cf package is installed: "yum install sendmail-cf"

- edit /etc/mail/sendmail.mc to change the smarthost to the mail server you want to use, such as "mail.sntlabs.com"

- run "make -C /etc/mail" to create the new sendmail.cf


- edit /etc/hosts to insert the FQDN in place of "localhost.localdomain"

- edit /etc/resolv.conf to add "domain sntlab.bls.com". This domain corresponds to the six IP address spaces we use around here, although it isn't really a "domain" as such. When you do an nslookup on one of the addresses, such as 68.153.4.216, you will get "dsl2-216.sntlab.bls.com". The mail relays, like mail.sntlabs.com and mail.bellsouth.net (used by mail.sntlabs.com), apparently do a reverse DNS lookup on the IP address, and there had better be an entry.

NOTE: changed domain to "sntlabs.com"


- start sendmail via "/sbin/service sendmail start"

- make sure it starts at boot via "/sbin/chkconfig --level 2345 sendmail on"


16b) Setting up Solaris box on clan to send mail to sntlabs.com

- add an entry in the hosts file: "205.152.56.181 mail.sntlabs.com"

- make sure the hostname is an FQDN: "222.1.1.123 ascend1.clan ascend1 ..."

- set a host-specific route to the internet gateway, viz. (Solaris route syntax): "route add -host 205.152.56.181 222.1.1.250"

- In the sendmail.cf file, look for the DS line (the smart host) and set it to "DSmail.sntlabs.com".

- bounce sendmail

NOTE: This will only allow mail to terminate on the sntlabs.com mail server, because if you try to send to "imcingular.com" e.g. it will complain about the "fake" domain clan.


NOTE: I need to figure out how to rewrite the domain to sntlabs.com for these emails to be sent/relayed to other domains. Right now the imcingular.com email server complains about the fake domain clan it finds in FROM.

NOTE: Just use a .forward file in the user's home directory. [chmod 744 so it is not group writable, for some reason]. This apparently forwards the mail with the FROM address using the VALID sntlabs.com domain!!


16c) Mail log files

- on Linux the log is at /var/log/maillog

- on Solaris the log is /var/log/syslog

17) Setting up VNC server in Linux Fedora.

-make sure the vnc server is installed via "rpm -q vnc-server"

(yum install vnc-server if necessary)

-go to the file /etc/sysconfig/vncservers and add a line at the end of the file listing each user: VNCSERVERS="1:jdloop 2:pspecht 3:sstill"

A process is started for each user that listens on the subsequent ports 5901, 5902, 5903, etc. This is apparently unlike the vncserver that gets installed on windows where there is only one process which takes you to the desktop, where the user can login. IN vnc for linux, the vnc client takes you to the individual user’s desktop!

-in the login directory of each user (logged in as that user), enter the cmd "vncpasswd" and create the vnc password

-restart vncserver via "/etc/init.d/vncserver restart"

-Once you restart vncserver, it creates an xstartup file in the .vnc directory of each user.

-it also creates a log file in the .vnc directory. As of FC5, there is a problem that keeps adding to the log, so there is a file fill-up problem. I created a script "vnclogcleanup" in which I rm the log file and then re-touch it, and added it to the crontab to execute every hour.

-in each user's .vnc directory, uncomment two lines in xstartup. This is necessary to have a proper desktop. You will have to bounce the user shell, or restart vncserver, to make it work.

-vncviewer to  222.1.1.78:1 for user jdloop, 222.1.1.78:2 for user pspecht, 222.1.1.78:3 for user sstill

-Login on the console as each user and you may find a "remote desktop control" under preferences. Modify as appropriate; I only found it on FC5, not FC4.

You can also use a browser: http://222.1.1.78:5801 for jdloop, 5802 for specht, 5803 for sstill.


To verify the setup, issue "netstat -an | grep 590" to see the listening ports. There should be one for each user.


NOTE: in FC5, watch the log file in .vnc directory. This will fill up your file system if you are not careful. Do not know of way around it right now except to do a cron job to rm it occasionally.


I have noticed in FC7 (maybe there before?) you can go into system->preferences->internet and network->remote desktop and enable "remote desktop." This is VNC like you run with windows: it just sends you to the desktop and asks for a password. No individual user stuff. I am not sure how to enable this from the cmd line.

18) using ssh :

- ~R typed at the start of a line during a session asks the server to rekey. If the server machine changed (host key mismatch), edit ~/.ssh/known_hosts and delete the old entry for that IP.

- ssh -p 222 for a port different than 22

- ssh -l username if different than the present environment

- ssh -X (capital X) enables X11. Then just start the app, no need to set DISPLAY.

- ~. escapes (terminates) the ssh session

- e.g.: ssh -X -p 222 -l jdloop 205.152.56.182

ssh to 205.152.56.182 on port 222, as user jdloop, with X forwarding allowed


18A) Passwordless ssh

- create a key pair via ssh-keygen. This produces a private key (id_rsa, which never leaves this machine) and a public key (id_rsa.pub). Copy the public key to the other machine, into THIS user's ~user/.ssh directory, and append it to the "authorized_keys" file. Repeat in the opposite direction to enable the other direction.


Tunneling over ssh:


Using linux VNC client

In the server config /etc/ssh/sshd_config, and the client config /etc/ssh/ssh_config, enable "GatewayPorts", "AllowTcpForwarding" and "X11Forwarding" (ForwardX11 on the client side), and set the applicable port you are using, which should probably NOT be 22 if you have an ssh server listening on the Internet! GatewayPorts is only needed if other hosts should be able to reach the forwarded port; for the loopback-only tunnel below it can stay off. You may have to figure out exactly how to enable these in the config files.

On the client, to run vncviewer thru the tunnel:

ssh -L5900:192.168.1.32:5900 -p 222 68.153.4.195

192.168.1.32 is the machine on the private LAN (on the far end, behind the NAT/router); 68.153.4.195 is the Internet address of the private NAT LAN router (assuming we are hitting a NAT/router on the other end). The NAT router has to be configured to forward port 222 to the Linux sshd server, which is running on the private LAN.

If you do a "netstat -an | grep 5900" you will apparently NOT see the port 5900 open to 192.168.1.32 until you actually make the connection with vncviewer!


NOW in a SEPARATE window on the client PC, issue "vncviewer" for linux, or start your VNC client, and enter the server as "localhost" (or 127.0.0.1). The "password" window that pops up is from the destination machine at 192.168.1.32. Enter the password you configured on that VNC server.

The trick is that "-L5900" means that localhost is listening on port 5900 and will forward to 192.168.1.32 port 5900 (or whatever port you list) over the existing ssh connection.


Using putty VNC PC client

In the putty client, go to Tunnels, and enter "5900" in Source port.

Enter "192.168.1.32:5900" in the Destination address. Click "Add."

Go back to "Session" and enter the destination IP address and port number, if different from 22. Log in to the remote ssh server.

NOW start the VNC client (viewer) and specify "localhost" as the server. Enter the password that you configured on the remote VNC server.


Using X over ssh

You must have X forwarding enabled in sshd_config and ssh_config, or in the putty configuration. In the original ssh window, where you have logged in and are talking to the ssh server, just enter an X command, such as "/usr/X11R6/bin/xclock", and the xclock will pop up on your desktop (as long as you have an X server running!). The DISPLAY variable is normally already set on the remote side to "localhost".

Slick!


Just do an "ssh -X remotemachine". On the remote machine, you do NOT need to set the DISPLAY variable. Just start the X app. You will not typically see an X server running at port 6000 in this case.


Using RDP over ssh

If you have a WinXP pro, then you can probably run RDP over the ssh by using the port 3389.



19) using scp

This uses the ssh protocol over the ssh port. It will use the currently logged-in user for both machines, and will ask for the password for the far end.

To use a different user at the far end, write it as "user@host" in front of the remote path (scp has no -l user option; its -l is a bandwidth limit).

- scp source destination

e.g. scp 222.1.1.51:file.txt . (OR a new file name) [to copy from there to here]

e.g. scp file.txt 222.1.1.51:newfile.txt [to copy from here to there]

e.g. scp -P 222 file.txt user@205.152.56.155:newfile.txt [to copy from here to there as a different user, on a different ssh port; note that scp takes the port as capital -P, unlike ssh -p]


20) using sftp

-pretty much same


21) Using cron in linux


To set up a cron file for root execution, I believe you can just create a script file, put it in cron.daily, cron.weekly or cron.monthly, chmod 644 on the file and root will execute it. These files are in /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly. The file /etc/crontab invokes these files. You can also do the normal cron entry, via creating a file of scripts and issuing "crontab file"


When you create a cron and issue "crontab file", it puts the file under the user's name in the /var/spool/cron directory. The crond daemon checks this every minute I think to find something to execute.


As a user, in home directory,

cd

tar xvf directory.tar .

tftp 222.1.1.61 -c put directory.tar


10 3 * * * /home/jdloop/foo

The format is "minute" "hour" "day" "month" "dayofweek" cmd

This command runs foo at 3:10 AM every day

0 * * * * /home/jdloop/foo

This command runs every hour?


chmod +x on foo.cron

issue "crontab foo.cron" to register it with the system cron daemon.

[naming the file with a ".cron" suffix does NOT appear to be necessary]


root will create /var/spool/cron/jdloop entry and run the cmd as instructed


issue "crontab -l" to see cron jobs

issue "crontab -r" to remove cron jobs (as the user you are creating cron jobs for)

issue "crontab file.cron" to OVERWRITE the previous crontab file FOR THIS USER ?? I think you can just edit the foo file and crond will pick up the new file


BE CAREFUL issuing "crontab file": DO NOT DO THIS AS ROOT; it is USER dependent, NOT directory dependent


For solaris (linux?): add the user to cron.allow to allow the user to create cron files. You may have to "merge this" as well.


Each line in the /etc/crontab file represents a task and has the format:

SYNTAX: minute hour day month dayofweek command

minute — any integer from 0 to 59. BEWARE: "0" means it will keep doing it I think

hour — any integer from 0 to 23

day — any integer from 1 to 31 (must be a valid day if a month is specified)

month — any integer from 1 to 12 (or the short name of the month such as jan, feb, and so on)

dayofweek — any integer from 0 to 7, where 0 or 7 represents Sunday (or the short name of the week such as sun, mon, and so on)

command — the command to execute (The command can either be a command such as ls /proc >> /tmp/proc or the command to execute a custom script that you wrote.)

For any of the above values, an asterisk (*) can be used to specify all valid values. For example, an asterisk for the month value means execute the command every month within the constraints of the other values.

A hyphen (-) between integers specifies a range of integers. For example, 1-4 means the integers 1, 2, 3, and 4.

A list of values separated by commas (,) specifies a list. For example, 3, 4, 6, 8 indicates those four specific integers.

The forward slash (/) can be used to specify step values. The value of an integer can be skipped within a range by following the range with /. For example, 0-59/2 can be used to define every other minute in the minute field. Step values can also be used with an asterisk. For instance, the value */3 can be used in the month field to run the task every third month.

Any lines that begin with a hash mark (#) are comments and are not processed.

As you can see from the /etc/crontab file, it uses the run-parts script to execute the scripts in the /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, and /etc/cron.monthly directories on an hourly, daily, weekly, or monthly basis respectively. The files in these directories should be shell scripts.

If a cron task needs to be executed on a schedule other than hourly, daily, weekly, or monthly, it can be added to the /etc/cron.d directory. All files in this directory use the same syntax as /etc/crontab. Refer to Example 28-1 for examples.

# record the memory usage of the system every monday
# at 3:30AM in the file /tmp/meminfo
30 3 * * mon cat /proc/meminfo >> /tmp/meminfo
# run custom script the first day of every month at 4:10AM
10 4 1 * * /root/scripts/backup.sh

Example 28-1. Crontab Examples
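The field syntax described above, as an added example that is not from these notes or the Red Hat manual: a Python parser for the five time fields that expands "*", ranges, lists, steps and month/day names, plus a matcher that tells whether a job would fire at a given minute, including the Vixie cron rule that a restricted day-of-month and a restricted day-of-week are OR'ed. The crontab lines it checks are the ones shown on this page.

```python
from datetime import datetime
from typing import Dict, Set

MONTH_NAMES = ["jan", "feb", "mar", "apr", "may", "jun",
               "jul", "aug", "sep", "oct", "nov", "dec"]
DAY_NAMES = ["sun", "mon", "tue", "wed", "thu", "fri", "sat"]

# (field name, low, high, symbolic names) in crontab order.
FIELDS = [
    ("minute", 0, 59, None),
    ("hour", 0, 23, None),
    ("day", 1, 31, None),
    ("month", 1, 12, MONTH_NAMES),
    ("dow", 0, 7, DAY_NAMES),   # 0 and 7 both mean Sunday
]


def _atom(token: str, low: int, high: int, names) -> int:
    """One integer or symbolic name, range-checked."""
    token = token.lower()
    if names and token in names:
        return names.index(token) + low   # months are 1-based, weekdays 0-based
    value = int(token)
    if not low <= value <= high:
        raise ValueError(f"{value} is outside {low}-{high}")
    return value


def parse_field(spec: str, low: int, high: int, names=None) -> Set[int]:
    """Expand one field into the set of values it allows:
    '*', 'a-b', 'a,b,c', 'a-b/step', '*/step', and names such as mon or jan."""
    allowed: Set[int] = set()
    for item in spec.split(","):
        step = 1
        if "/" in item:
            item, step_text = item.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError(f"bad step in {spec!r}")
        if item == "*":
            start, end = low, high
        elif "-" in item:
            a, b = item.split("-", 1)
            start, end = _atom(a, low, high, names), _atom(b, low, high, names)
            if start > end:
                raise ValueError(f"reversed range {item!r}")
        else:
            start = end = _atom(item, low, high, names)
        allowed.update(range(start, end + 1, step))
    return allowed


def parse_crontab_line(line: str) -> Dict:
    """Split a crontab line into five value sets plus the command text."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("need five time fields and a command")
    job: Dict = {"command": parts[5]}
    for spec, (name, low, high, names) in zip(parts[:5], FIELDS):
        job[name] = parse_field(spec, low, high, names)
        job[name + "_any"] = spec == "*"   # used by the day/day-of-week rule
    if 7 in job["dow"]:
        job["dow"].add(0)                  # 7 is an alias for Sunday
    return job


def fires_at(job: Dict, when: datetime) -> bool:
    """True if cron would start this job in the given minute.
    Vixie cron rule: when both day-of-month and day-of-week are restricted,
    the job runs if EITHER matches; otherwise both must match."""
    if (when.minute not in job["minute"] or when.hour not in job["hour"]
            or when.month not in job["month"]):
        return False
    day_ok = when.day in job["day"]
    dow_ok = (when.weekday() + 1) % 7 in job["dow"]   # datetime: Mon=0; cron: Sun=0
    if not job["day_any"] and not job["dow_any"]:
        return day_ok or dow_ok
    return day_ok and dow_ok


def would_fire(line: str, when_iso: str) -> bool:
    """Crontab line plus an ISO timestamp such as '2006-08-07T03:30'."""
    return fires_at(parse_crontab_line(line), datetime.fromisoformat(when_iso))


if __name__ == "__main__":
    # The lines from these notes: Monday 2006-08-07 03:30 fires, Tuesday does not.
    print(would_fire("30 3 * * mon cat /proc/meminfo >> /tmp/meminfo", "2006-08-07T03:30"))
    print(would_fire("30 3 * * mon cat /proc/meminfo >> /tmp/meminfo", "2006-08-08T03:30"))
    print(sorted(parse_field("*/3", 1, 12, MONTH_NAMES)))   # [1, 4, 7, 10]
```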

Users other than root can configure cron tasks by using the crontab utility. All user-defined crontabs are stored in the /var/spool/cron directory and are executed using the usernames of the users that created them. To create a crontab as a user, login as that user and type the command crontab -e to edit the user's crontab using the editor specified by the VISUAL or EDITOR environment variable. The file uses the same format as /etc/crontab. When the changes to the crontab are saved, the crontab is stored according to username and written to the file /var/spool/cron/username.

The cron daemon checks the /etc/crontab file, the /etc/cron.d/ directory, and the /var/spool/cron directory every minute for any changes. If any changes are found, they are loaded into memory. Thus, the daemon does not need to be restarted if a crontab file is changed.

28.1.2. Controlling Access to Cron

The /etc/cron.allow and /etc/cron.deny files are used to restrict access to cron. The format of both access control files is one username on each line. Whitespace is not permitted in either file. The cron daemon (crond) does not have to be restarted if the access control files are modified. The access control files are read each time a user tries to add or delete a cron task.

The root user can always use cron, regardless of the usernames listed in the access control files.

If the file cron.allow exists, only users listed in it are allowed to use cron, and the cron.deny file is ignored.

If cron.allow does not exist, all users listed in cron.deny are not allowed to use cron.

28.1.3. Starting and Stopping the Service

To start the cron service, use the command /sbin/service crond start. To stop the service, use the command /sbin/service crond stop. It is recommended that you start the service at boot time. Refer to Chapter 14 Controlling Access to Services for details on starting the cron service automatically at boot time.



22) Setting up mediawiki on Fedora core Linux


1) yum install mediawiki (this also installs perl-DBI, mysql [DB client] and php-mysql)

yum install mysql-server [the actual DB server, mysqld] [you have the option of installing this when you install Fedora Linux]

2) you can start mysqld via "service mysqld start" and check port 3306 via "netstat -an | grep 3306". This also creates a DB in /var/lib/mysql.

3) stop and restart the httpd service via “service httpd restart”

4) On the host where mysql and httpd are installed, there is a /var/log/mysql.log

5) start the mysql client via "mysql -u root" [mysqld must be running to do this]

In response to the prompt, type "use mysql;" [this apparently tells mysql to use the DB in /var/lib/mysql]. Then issue these commands [double quotes NOT necessary]:

update user set Password=PASSWORD('XXXXXX'); [SINGLE quotes, NOT grave (backtick) quotes]

flush privileges;

exit; [this sets the password on the mysql client, NOT the DB]

Ctrl-C to exit... I guess...

You can always connect to the DB using "mysql -u root -p" and entering the password "XXXXXX".

service mysqld stop

service httpd stop

service mysqld start

service httpd start



On the local host [you may have to start firefox as root from a command line: "firefox &"], browse to http://localhost/mediawiki/index.php to run the install script. Or run VNC to the server if you have it set up, and run firefox on the desktop.

- click on "set up the wiki"

- specify a name; do not use "mediaWiki" ?? [read the comment]

- set the Sysop account and passwd: WikiSysop/XXXXXX OR WikiSysopww2/XXXXXX [lets you administer mediawiki??]

- disable email stuff for now

- set DB "wikidb" user/passwd "wikiuser/XXXXXX" OR "wikiuser/XXXXXX" [The install script can do this if you give it the DB root passwd in the next step.] [I think I changed "wikidb" to "root" on some systems.]

- DB superuser root/passwd "XXXXXX" (NOT the linux root passwd)


If the install is reported as successful:

- copy /var/www/mediawiki/config/LocalSettings.php to the parent directory.

- protect the config directory via "chmod -w /var/www/mediawiki/config"


To enable uploading of files onto the mediawiki, you must change one setting in the LocalSettings.php file (config directory) and then copy it to the parent directory. It will take effect automatically. You must also make the images directory writable, via "chgrp apache images" and "chmod 770 images".


To allow files other than jpg, ogg to be uploaded, you must add that capability to LocalSettings.php. Look at the examples in /includes/DefaultSettings.php, but add the line to LocalSettings.php ONLY!

PHP has an upload limit of 2MB. Edit php.ini, find "upload" and change it to 10MB. Restart httpd.


To enable thumbnails, you must install ImageMagick via "yum install ImageMagick". This installs /usr/bin/convert.

You must also change a couple of settings in LocalSettings.php:

- set $wgUseImageResize and $wgUseImageMagick to true

Uploading non-image files

By default, MediaWiki only allows you to upload certain types of files (extensions gif, jpg, jpeg, ogg and png). This is managed by this line in includes/DefaultSettings.php:

$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'ogg' );


If you want to be able to upload other file types, for instance ZIP files, you must add this line to LocalSettings.php:

$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'ogg', 'zip');

Caution: do not modify the line in DefaultSettings.php, because it will break when updating.

Also you may find that php and apache limit the file size of uploads too, giving spurious messages on the upload page such as "The file you uploaded seems to be empty. This might be due to a typo in the file name. Please check whether you really want to upload this file." See "Q: What affects the maximum file size which can be uploaded?" on this page for details: http://meta.wikimedia.org/wiki/Uploading_files#Frequently_Asked_Questions. (It might be better to have this information consolidated more centrally.)

Take into account that there is a blacklist of file extensions in includes/DefaultSettings.php:

$wgFileBlacklist = array(
    # HTML may contain cookie-stealing JavaScript and web bugs
    'html', 'htm',
    # PHP scripts may execute arbitrary code on the server
    'php', 'phtml', 'php3', 'php4', 'phps',
    # Other types that may be interpreted by some servers
    'shtml', 'jhtml', 'pl', 'py',
    # May contain harmful executables for Windows victims
    'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
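The whitelist and blacklist above only do their job if every extension in a file name is examined, not just the last one: a name like "notes.php.jpg" ends in a whitelisted extension but still carries one the server may execute. This added example (not MediaWiki's own code) implements that check with the two lists from the page; the "every dotted segment counts as an extension" rule is an assumption of the example.

```python
# Added example: gate an upload file name on the page's whitelist and blacklist.
# Lists copied from the page: the whitelist with 'zip' added, and the blacklist.
FILE_EXTENSIONS = {"png", "gif", "jpg", "jpeg", "ogg", "zip"}
FILE_BLACKLIST = {
    "html", "htm",                                  # cookie-stealing JavaScript
    "php", "phtml", "php3", "php4", "phps",         # server-side code execution
    "shtml", "jhtml", "pl", "py",                   # interpreted by some servers
    "exe", "scr", "dll", "msi", "vbs", "bat", "com",
    "pif", "cmd", "vxd", "cpl",                     # Windows executables
}

def extensions_of(filename):
    """All dotted segments after the base name, lower-cased: 'a.PHP.jpg' -> ['php', 'jpg']."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any directory part
    return [seg.lower() for seg in base.split(".")[1:]]

def check_upload_name(filename, allowed=FILE_EXTENSIONS, blacklist=FILE_BLACKLIST):
    """Return (ok, reason): the final extension must be whitelisted and no
    extension anywhere in the name may be blacklisted (assumed policy)."""
    exts = extensions_of(filename)
    if not exts:
        return False, "file name has no extension"
    bad = [e for e in exts if e in blacklist]
    if bad:
        return False, "blacklisted extension(s): " + ", ".join(bad)
    if exts[-1] not in allowed:
        return False, f"'.{exts[-1]}' is not in $wgFileExtensions"
    return True, "ok"
```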




23) Setting up VSFTPD on Linux


- yum install vsftpd, if not already installed

- the default install allows anonymous FTP, but does NOT allow uploads or directory creation. Go into /etc/vsftpd/vsftpd.conf and uncomment these variables in the file to allow anonymous ftp uploads:

- anon_mkdir_write_enable=YES

- anon_other_write_enable=YES

- anon_upload_enable=YES

- anonymous_enable=YES

- write_enable=YES

NOT setting these variables still allows normal FTP for a user.


Restart vsftpd. You must also change the /var/ftp directory to be owned by user "ftp" and group "ftp". Create an "upload" directory and change the permissions on the directory to 0777 to allow writes.

- the default install allows individual users to ftp in. They are placed in their home directory, unlike anonymous ftp, where they are placed in /var/ftp

- watch SELINUX: if enabled, you must go into the security panel, selinux, and enable the FTP stuff
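Because the anon_* settings only take effect when both anonymous_enable and write_enable are YES, it is easy to misjudge what a given vsftpd.conf actually permits. This added example (not part of the notes or of vsftpd) parses a vsftpd.conf and reports the effective anonymous posture; the defaults it assumes for the five settings are vsftpd's documented ones (anonymous_enable=YES, everything else NO), and the sample configs in the test are constructed.

```python
# Added example: audit what anonymous clients may do according to a vsftpd.conf.
# Assumed defaults are vsftpd's documented ones for these five options.
DEFAULTS = {"anonymous_enable": True, "write_enable": False,
            "anon_upload_enable": False, "anon_mkdir_write_enable": False,
            "anon_other_write_enable": False}

def parse_vsftpd_conf(text):
    """key=value lines; '#' lines (the commented-out variables) are ignored;
    a later line for the same key overrides an earlier one."""
    cfg = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key in cfg:
            cfg[key] = value.upper() in ("YES", "TRUE", "1")
    return cfg

def anonymous_posture(cfg):
    """Effective anonymous capabilities: each anon_* write also needs write_enable."""
    anon, w = cfg["anonymous_enable"], cfg["write_enable"]
    return {"login": anon,
            "upload": anon and w and cfg["anon_upload_enable"],
            "mkdir": anon and w and cfg["anon_mkdir_write_enable"],
            "delete_rename": anon and w and cfg["anon_other_write_enable"]}

def writable_by_anonymous(text):
    """True if any anonymous write path is open in the given config text."""
    p = anonymous_posture(parse_vsftpd_conf(text))
    return p["upload"] or p["mkdir"] or p["delete_rename"]
```

Run it over /etc/vsftpd/vsftpd.conf before and after uncommenting the variables to confirm the change did what was intended, and nothing more.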


- consider using scp instead of ftp. E.g. "scp -P 222 file 205.152.56.155:file"

- note CAPITAL P, as opposed to small p in ssh!

- as user jdloop, it will ask for your passwd on the remote system.

- must accept the key the first time.

- must have a login on the remote system.

Vsftpd options: http://vsftpd.beasts.org/vsftpd_conf.html

24) Setting up httpd on Linux

- watch SELINUX: it seems to prohibit you from enabling an httpd port on any but the common ones, 80 and 8080


25. Using the serial port on a Linux box


Use "minicom".

In the minicom setup, specify /dev/ttyUSB0 for a USB serial device, or /dev/ttyS0 for the serial port.

9600 8N1 is usually necessary for most craft interfaces.

26. Using tar

"tar cvf filename.tar ." will create a tar file of everything in the directory in which you execute the cmd. The tar file is placed in this directory. You need the trailing ".".

"tar cvf /tmp/filename.tar ." will put the tar file in /tmp.

"tar cvf filename.tar -X tar_exclude_file ." will create a tar file of everything in the directory, EXCEPT those files/directories listed in "tar_exclude_file".


"tar xvf filename.tar" will extract the tar file into the directory in which you execute the cmd.

"tar xvf /tmp/filename.tar" will extract the tar file "/tmp/filename.tar" into the directory in which you execute the cmd.


27 Using arpwatch

Linux machines come with "arpwatch". Install it if necessary. Place the line "/usr/sbin/arpwatch -e jdloop@sntlabs.com" in S99local.

This will mail changes in the IP-MAC tables to this email (see config above for email).

"man arpwatch" will describe operation. /var/arpwatch/arp.dat will contain a table of current LAN MAC-IP assignments.


28 tcpdump on linux


/usr/sbin/tcpdump host mail.bellsouth.com



29 Setting up Open LDAP (Fedora-ds) on fedora 6 linux


http://directory.fedoraproject.org


/opt/fedora-ds/slapd-openldap/start-slapd -> start server

/opt/fedora-ds/start-admin -> start admin server


On an external box, to start the console admin (java):

Make sure you have an X server running on your box.


1. ssh -l fedora6ldap 222.1.1.51

2. accept the key, give the password

3. su and cd to /opt/fedora-ds

4. export DISPLAY=YOURIP:0.0

5. ./startconsole &

30. Setting up bridging in Linux

yum install bridge-utils to get the "brctl" and "tc" commands.

modprobe -v bridge to enable the bridging module.


The following cmds add a bridge between eth0 and eth1:

brctl addbr bridgename

brctl addif bridgename eth0

brctl addif bridgename eth1

ifconfig eth0 up

ifconfig eth1 up

ifconfig bridgename up

brctl show


"tc" commands can do traffic control, filtering and delay at layer 2. Do a "man tc".


31 Use of Partimage


On a box which you can use as a partimage server (plenty of disk space), boot knoppix, and:

  1. assign an IP to the interface via "ifconfig eth0 192.168.3.76 up"

  2. look at the partitions via "cat /proc/partitions"

  3. create a partition using cfdisk if necessary.

  4. mount the partition via "mount /dev/hda1 /mnt/hda1" -- the "hda1" must match the spec in the /proc/partitions file.

  5. chmod 0777 on the /mnt/hda1 directory.

  6. add the root user to the /etc/partimaged/partimageusers file

  7. start partimaged via "partimaged -d /mnt/hda1"


On the client whose partitions you wish to copy:

  1. assign an IP to the interface via "ifconfig eth0 192.168.3.74 up"

  2. "cat /proc/partitions" to look at the partitions.

  3. do NOT mount the partitions.

  4. start partimage via "partimage" for the gui; do a "man partimage" to see the command line technique.

  5. select the partition in the list with CR, tab to the remaining fields

  6. spec the partimaged server IP, and give the file name, including the COMPLETE path, such as "/mnt/hda1/cms-74-boot.partimage"

  7. enter the login info using the tab keys

Good luck


On the box that you want to construct:

  1. boot knoppix

  2. create the partitions exactly as they exist on the box to be cloned. You should be able to use "cfdisk" to do this.

  3. assign an IP to the interface via "ifconfig eth0 192.168.3.77 up", e.g.

  4. do NOT mount the partitions.

  5. start partimage and spec the partition to create, the file on the server corresponding to it, and the server IP.


In general, if you want to ssh around, you need to start the ssh server via /etc/init.d/ssh start, and also set a root passwd.

You may also need to establish a route if you are off network, via "route add -net 222.1.1.0 netmask 255.255.255.0 gw 192.168.3.254"


When you first boot knoppix, look at "ifconfig -a" and see if you can tell which interface to use; there may be activity there.


32. Use of YUM on Fedora Linux


In /etc/yum.conf, turn NO to YES where needed

In /etc/yum.repos.d, in the fedora.repo and fedora-updates.repo, set enable = 1


Add the livna repo:

rpm -ivh http://rpm.livna.org/livna-release-7.rpm [this adds files]

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-livna [this adds the livna gpg public key]


The livna repo has all kinds of stuff which fedora cannot have, because fedora is ALL open source.


33. Use of ping in a cron to monitor IP address


Create a file "ping497shiloh":


ping -c 1 497shiloh.dyndns.org || mail -s CAMERA jloop1@imcingular.com <<!

Check IP

!


chmod +x ping497shiloh


Create a file "497shiloh":


10 * * * * /home/jdloop/ping497shiloh


Do "crontab 497shiloh". This will put the contents of 497shiloh in the crontab.


Beware that this sends you email on THIS box every time it executes the cron!!