Some useful linux/solaris cmds:
Some useful dhcp notes:
Configure the interface via the Network GUI. "Activate" normally brings a DHCP interface UP and obtains an IP address; "Deactivate" brings it DOWN and releases the address.
/sbin/dhclient -v eth1 -> requests a DHCP address on eth1 (verbose); it also brings the interface UP.
/sbin/dhclient -r eth1 -> releases the lease on eth1 and brings the interface DOWN.
The Network GUI reports an interface "Active" only if it is BOTH UP and has an IP address; if it is UP with no IP, it seems to say inactive. Name the interface ("ethX") on the dhclient cmd line to keep the two consistent.
curl -I "URL" -> displays only the HTTP response headers for the page
curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//' > myip.txt
curl -s http://whatismyip.org > myip.txt
curl -o <file> "URL" -> write the page to <file> (-O would instead save it under the remote file's name)
Curl can be used with ftp…
dig [@DNSserver] -x IPaddress -> reverse lookup: gives the name for an IP address
whois -h whois.geektools.com {domainname} -> use a good whois server
To clear the DNS cache: service nscd restart
make sure nscd is running; restart named as well
To see DNS cache stats: nscd -g (the daemon binary, not the init script)
lsof -> lists open files (including network sockets)
netstat -aplunt -> all sockets, numeric, with the owning process (-p); drop the -n (netstat -plut) to resolve names instead
tcpdump host 205.152.56.182 and udp port 53 -> linux syntax
snoop host 205.152.56.182 -> solaris syntax
wget --help -> web get over port 80
pgrep "pattern" -> look for processes whose names match the pattern (prints their PIDs)
lspci [-s] [-v] -> linux lists pci cards
lsusb [-s] [-v] -> lists USB devices
cipher /w:"directory" -> windows XP secure wipe of the free space on that drive
hdparm -I /dev/cdrom -> linux drive identification parameters
hdparm /dev/sda -> list disk parameters
fdisk -l /dev/sda
alternatives -> linux default program selection, e.g. java
ip {link|route|address|neighbor} {show|list} -> linux
/sbin/ethtool eth0 -> info about Ethernet port 0
ssh -X IPaddress -> sets up ssh with X11 forwarding; simply start the app, no DISPLAY setting needed.
ping -f -i 2 497shilohdyndns.org -> flood mode (root only): prints a period per request and backspaces over it when the reply arrives, so the "dots" left behind are missed pings
rm -Rf dir -> remove a directory recursively, without prompting
slocate "string" -> uses a DB to find files named "string"; "updatedb" refreshes the DB
cd - -> cd to the PREVIOUS directory and print it (a plain "cd" goes to the home directory)
man -k "term to search for in manual pages" -> searches the manual page descriptions
man 5 "name" -> section 5, file formats
wget -r -k -p -w 2 -np http://website.com -> recursively fetches the site (links converted, page requisites included, 2 s between requests, never ascending above the start URL) into the directory "website.com"
rsync -> use to backup files
ps aux | grep -v `whoami` -> check processes NOT run by you (without the -v you get your own)
reset -> fix a wonky terminal window
chattr +a filename -> sets the "append-only" attribute on filename: it can only be appended to, not overwritten (nor deleted, I presume) - needs ext2 or ext3
iwconfig -> wireless interface settings
iwlist -> wireless scanning and details
lastlog -> login history of all users
last -> see stats on user logins
"w" and "who" -> see who is logged in
- /var/run/utmp: currently logged-in users
- /var/log/wtmp: past logins
su to a user (or cd to the user's home directory) and read the ".bash_history" to see the cmd history
cfdisk and then mkfs and then mount to create file systems
Using grub subcommands:
grub> root (hd0,1) <- identifies the boot partition
grub> setup (hd0) <- writes the bootloader to the MBR
grub-install /dev/sda <- from the shell (e.g. a live CD) writes the grub bootloader to the MBR; assumes grub.conf exists
grub> help
/boot/grub/grub.conf contains the boot info
Linux gnome Network Manager (to stop it and keep it from starting):
/etc/init.d/NetworkManager stop
/sbin/chkconfig --level 35 NetworkManager off
"zip -r outputfilename *" to zip a directory, including subdirectories - will produce "outputfilename.zip"
SHELL scripts/cmd lines:
---- cmd1 && cmd2 -> cmd2 runs only if cmd1 exits true (return value 0)
---- cmd1 || cmd2 -> cmd2 runs only if cmd1 exits false (return value not 0)
---- use $( cmds... ) instead of backticks ` cmds... `
rpm -q bind -> get the version of the bind package, which provides named
Some Solaris 10 cmds:
A list of Solaris networking files:
Files, all in /etc unless noted
resolv.conf, hostname.interface, nodename, defaultdomain, defaultrouter, hosts, netmasks, nsswitch.conf
"sys-unconfig" will let you redefine all network parameters and go thru "install" again. Be careful of apps that used IPs!!
who -r shows runlevel
pkginfo |grep something
prstat
prtconf
svcadm [restart,start,stop] network/[smtp,inetd,physical]
svccfg and then "list" lists all services
/etc/vfstab is file which specifies mounts at boot; /etc/mnttab is what is mounted...
prtvtoc /dev/dsk/c1t0d0s2 prints info about disk
prtvtoc /dev/dsk/c1t0d0s2 | fmthard ......... /dev/dsk/c1t1d0s2 copies partition (volume) table to new drive
"smc &" starts the mgmt console (equivalent of admintool prior to Solaris 10)
/etc/release shows the release
/dev: logical devices; /devices: physical devices
to set up ntp:
edit /etc/inet/ntp.conf
server 222.1.1.56
driftfile /etc/inet/ntp.drift
statsdir /var/ntp
svcadm enable network/ntp
/etc/default/login: edit to enable root login from somewhere other than the console
/etc/ssh/sshd_config: edit to allow root via ssh (PermitRootLogin)
dd should be run on /dev/dsk/c1t0d0s2, i.e. the block device, not the raw (/dev/rdsk) device, and be sure to use bs=128k on Solaris
Solaris volume manager stat cmd: metastat
Linux volume (multidisk) cmds "mdadm"
1) To allow root to login via telnet
vi /etc/default/login and comment out the CONSOLE=/dev/console line
2) To make the backspace key work
vi /etc/profile and add the line:
stty erase "^H" kill "^U" intr "^C" eof "^D"
3) To add a LAN port
hme0 is the motherboard port; hme1 is the PCI port when there is a single-port card; qfe0,1,2,3 for a qfe Ethernet card; eri for the 880/890
bge0-3 are the ports on a Sun Fire
ifconfig hme0 plumb
vi /etc/hostname.hme0 and put in the hostname for this port - solaris will not bring up the port if the hostname doesn't have an IP
/etc/hostname.hme1 also needs an entry if hme1 is present
vi /etc/netmasks and add the network and netmask, e.g.:
222.1.1.0 255.255.255.0
90.30.212.0 255.255.252.0
vi /etc/hosts and add the ip and hostname
FOR EACH device hme0, hme1:
ifconfig hme0 inet <ip addr> netmask + broadcast + up
add any routes needed
4) Use of format to create a disk partition and file system
format (this will list the disks present -- pick one)
c0t0d0 is disk 0: controller 0, target 0, disk 0
c0t1d0 is normally disk 1: controller 0, target 1, disk 0
c0t0d0s0 - s7: 8 possible partitions (slices) per disk
gives the prompt format> (enter p for partition)
gives the prompt partition> (enter p to print the layout)
partition> pick a slice
answer the questions: name (opt or alternative)
permission wm
starting cylinder: next available
size (examples printed)
partition> label (writes the vtoc to disk)
partition> q
format> verify will print the partition table
format> q
newfs /dev/rdsk/c0t0d0sX where X is the slice (partition) on the disk
vi /etc/vfstab and add an entry for mounting - copy the other entries
make sure there is a mount point:
cd / ; mkdir /Shasta ; mkdir backup
To mount manually: mount /dev/dsk/c0t0d1s0 /Shasta e.g.
4a) Adding a disk to Linux
Add the disk physically, being careful to select a proper SCSI ID (if SCSI). IDE can probably be left at the default cable select (CS).
Upon bootup, make sure the BIOS sees the disk. If SCSI, exit to the SCSI setup routine to check the disk.
On boot, check that the disk is there via "cat /proc/partitions"
Use fdisk to delete existing partitions and create one or more new ones.
Use "mkfs -t ext2 /dev/sdb1", for example, to make a file system on the disk partition. This is equivalent to formatting in windows.
Create mount points in /mnt, such as "sdb1", "sdb2", etc. as convenient points to mount the new disk drive via "mount -t ext2 /dev/sdb1 /mnt/sdb1"
5) To get lots of useful hardware info on Solaris:
/usr/platform/`uname -i`/sbin/prtdiag -v
6) TO ENABLE the NTP client on a Solaris box in S&T:
???? I see files in /etc/inet/ntp.client
copy /etc/inet/ntp.client to ntp.conf
edit ntp.conf to add "server 90.30.213.2" (erase the multicastclient line)
cd /etc/init.d and "./xntpd start"
/usr/sbin/ntptrace will trace the chain of ntp servers..
/etc/rc2.d/S74xntpd will detect the existence of ntp.conf and start xntpd on bootup.
6b) To enable ntp on Linux FC
"ntpq -c peers" will list the ntp peers and their details
"remote" is the first machine.
"refid" is the remote machine's reference ID, i.e. the source that "remote" itself is synced to.
On 222.1.1.56 (the ntp server):
[root@ns1 etc]# /usr/sbin/ntpq -c peers
remote refid st t when poll reach delay offset jitter
==============================================================================
ns0.clan .INIT. 16 u - 1024 0 0.000 0.000 4000.00
*snt0.snt.bst.bl 90.152.76.68 4 u 116 128 377 0.292 19.051 11.617
+snt0-1.snt.bst. 90.152.76.68 4 u 61 128 377 0.260 19.283 9.779
LOCAL(0) 73.78.73.84 5 l 35 64 377 0.000 0.000 0.001
ns0.clan 90.30.213.2 5 u 59 128 267 0.211 -16.839 9.348
on 222.1.1.119:
[jdloop@CLANFedora-119 ~]$ /usr/sbin/ntpq -c peers
remote refid st t when poll reach delay offset jitter
==============================================================================
*ns0.clan 90.30.213.2 5 u 2 64 7 0.708 -28.978 2.355
"*" means it is synced to this machine…
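To make the "*" tally, refid and reach columns above machine-checkable, here is an added example (my code, not from these notes) that parses the two ntpq -c peers tables shown above and reports a host that is unsynchronised or drifting; the 128 ms step threshold is ntpd's default, and the sample tables are re-typed from this page with their columns aligned:

```python
"""Parse `ntpq -c peers` output and flag hosts whose clock is not synchronised."""

# Constructed sample: the server (222.1.1.56) table shown above, columns re-aligned.
SAMPLE_SERVER = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ns0.clan        .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
*snt0.snt.bst.bl 90.152.76.68     4 u  116  128  377    0.292   19.051  11.617
+snt0-1.snt.bst. 90.152.76.68     4 u   61  128  377    0.260   19.283   9.779
 LOCAL(0)        73.78.73.84      5 l   35   64  377    0.000    0.000   0.001
 ns0.clan        90.30.213.2      5 u   59  128  267    0.211  -16.839   9.348
"""
# Constructed sample: the client (222.1.1.119) table shown above.
SAMPLE_CLIENT = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ns0.clan        90.30.213.2      5 u    2   64    7    0.708  -28.978   2.355
"""

# Column-1 tally codes, per ntpq's legend.
TALLY = {"*": "sys.peer (synchronised to this one)", "+": "candidate",
         "-": "outlier", "#": "backup", "x": "falseticker", ".": "excess",
         " ": "discarded (unreachable, stratum 16 or not yet evaluated)"}


def parse_peers(text):
    """One dict per peer line, with the numeric fields converted."""
    peers = []
    for line in text.splitlines():
        if not line or line.startswith("=") or line.lstrip().startswith("remote"):
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            continue  # wrapped or truncated line: skip rather than misparse it
        remote, refid, st, t, when, poll, reach, delay, offset, jitter = fields
        peers.append({
            "tally": tally, "state": TALLY.get(tally, "unknown"),
            "remote": remote, "refid": refid, "stratum": int(st), "type": t,
            "when": None if when == "-" else int(when), "poll": int(poll),
            "reach": int(reach, 8),  # OCTAL shift register of the last 8 polls
            "delay": float(delay), "offset": float(offset), "jitter": float(jitter),
        })
    return peers


def missed_polls(reach):
    """How many of the last 8 polls got no reply: 377 -> 0, 267 -> 2, 0 -> 8."""
    return 8 - bin(reach & 0xFF).count("1")


def sync_source(peers):
    """The peer tagged '*', or None when the host is not synchronised at all."""
    for p in peers:
        if p["tally"] == "*":
            return p
    return None


def check_health(peers, step_threshold_ms=128.0):
    """Findings worth alerting on; an empty list means the clock looks healthy.

    128 ms is ntpd's default step threshold: past it the clock is stepped rather
    than slewed, which shows up as jumps in syslog and maillog timestamps.
    """
    findings = []
    src = sync_source(peers)
    if src is None:
        findings.append("no sys.peer: this host is not synchronised to anything")
    elif abs(src["offset"]) > step_threshold_ms:
        findings.append("offset %.3f ms from %s exceeds the %.0f ms step threshold"
                        % (src["offset"], src["remote"], step_threshold_ms))
    for p in peers:
        if p["stratum"] == 16 or p["reach"] == 0:
            findings.append("%s unreachable (stratum %d, reach %03o, refid %s)"
                            % (p["remote"], p["stratum"], p["reach"], p["refid"]))
        elif missed_polls(p["reach"]) >= 4:
            findings.append("%s answered only %d of the last 8 polls"
                            % (p["remote"], 8 - missed_polls(p["reach"])))
    return findings


if __name__ == "__main__":
    for name, sample in (("server", SAMPLE_SERVER), ("client", SAMPLE_CLIENT)):
        peers = parse_peers(sample)
        src = sync_source(peers)
        print(name, "synced to:", src["remote"] if src else "nothing")
        for finding in check_health(peers):
            print("  -", finding)
```

Run it against live output with `ntpq -c peers | python3 thisfile.py` after swapping the samples for sys.stdin.read(); the reach column is octal, so 267 means two of the last eight polls went unanswered.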
Sample /etc/ntp.conf file:
restrict default nomodify notrap noquery
restrict 127.0.0.1
# --- OUR TIMESERVERS -----
server 222.1.1.56 - on all machines except 222.1.1.56
server 90.30.213.2 - on the 222.1.1.56 machine
server 90.34.5.2
#
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict clock.redhat.com mask 255.255.255.255 nomodify notrap noquery
7) FOR FUNKRADIUS STUFF on 222.1.1.134:
download sbr_sol_all_471.tar into the /opt/funkradius directory
tar xvf *.tar and run "sh ./install.sh -all" as root
Answer lots of questions - service provider edition, license
This will create several directories: radius, radadmin
Now you can run "sh ./install.sh -config"
Start radius via "/etc/rc2.d/S90radius start"
to run the client on the same box as the server, open a browser to "file:/path…/radadmin/java/default.htm"
to run the java client on an external box, copy the entire directory /opt/funkradius/radadmin/java to that box. Double-click on index.htm and allow the java applet. Username is admin, password is radius (funkradius?) [There may be a "javadirectory.tar" - just copy the tar, unzip and double-click on index.htm]
The funkradius secret is "funkradius"
Funkradius server: /etc/rc2.d/S90radius start|stop
Funkradius SNMP stuff: /etc/init.d/init.funksnmpd stop|start
To uninstall, run install.sh -unconfig
To enable debugging on radius, enter "2" in the logging level in "radius.ini" - will show up in the .log
The log file is e.g. /opt/funkradius/radius/20060804.log - dated filename
8) FOR INSTALLING OpenSSH on a solaris box: TEMPORARY 7-9-2004 Thanks to Dick Junkins
Unfortunately in the following procedure, the ssh server gets installed as well. As near as we can tell, we can do the full install and then configure solaris NOT to run sshd on startup.
FTP 3 files from the 222.1.1.51 FTP server - OpenSSH directory. These can be put in your home directory.
Create an "/etc/passwd" entry: Is the userID OK?? - 105
"sshd:x:105:105:sshd privsep:/var/empty:/bin/false"
Create a shadow entry as well:
"sshd:NOLOGON:::::::"
Create a PATH in the global profile: You may just have to make sure these are IN the path!
"MANPATH=/usr/share/man:/usr/local/man"
Run the install shell: ./solaris_install.sh
Go to /etc/rc2.d, find S89sshd, mv it to oldS89sshd ??? We are trying to keep sshd from starting on bootup.
To install the ssh client on a Windows machine:
FTP putty-0.54-installer.exe from 222.1.1.51/WindowsSSH
Execute this prog to install the ssh client
Start putty, enter 222.1.1.55 [or eventually 222.1.1.101] - it will ask you to accept the key from the ssh server the first time. You MUST have a login on 222.1.1.55. ASK me to create one.
9) To disable routing between multiple interfaces on the same solaris box:
Solaris: ndd -set /dev/ip ip_forwarding 0
To check whether routing is running on the box: ??
ndd -get /dev/ip ip_forwarding
To see if routing protocols are running:
ps -elf | grep routed
ps -elf | grep gated
10) To add DNS client capabilities on Linux/Solaris
Make sure the machine has a fully qualified hostname in /etc/hosts, e.g. windowspc.clan or "server.sntlabs.com" to be included in our actual domain (must then add the name to the DNS db.sntlabs.com)
Make sure /etc/resolv.conf has the lines "search hosts" and "search clan"
For statically assigned IP addresses, you must assign the domain name. For DHCP addresses, the DHCP server passes out the domain name.
11) To add DNS client capabilities on Windows machines.
For DHCP machines, the domain will be assigned via DHCP.
For static machines, assign the domain name via TCP/IP properties, advanced -> DNS, and then add an entry to "append these DNS suffixes" - clan. Not sure why this seems to be the only combination that works!!
12) To enable DNS server capabilities
named.conf must point to the root directory where the db files are contained.
Linux: /etc/named.conf: these are the zones that it is responsible for. Linux will set up a "localdomain" zone, and the name of the machine will resolve to "machine.localdomain".
/var/named/chroot/var/named: zone files: each of the zones listed in named.conf is detailed here. Add the MX and NS stuff to the localdomain zone.
/var/named for NON-chrooted servers -
DNS testing: www.dnsreports.com www.squish.net/dnscheck
To ADD new domains that the DNS server is to be responsible for, just add the zone, and the reverse zone, to named.conf. Then create the zone files in the /var/named/chroot/var/named directory.
13) to add users at the cmd line
"useradd -d /home/newuser -m newuser"
then issue "passwd newuser" to create the password for "newuser"
To enable the desktop, you must go into the xstartup directory and uncomment the two lines noted..
14) To use freeradius on Fedora Core
stop radiusd via /etc/init.d/radiusd stop
edit /etc/raddb/clients to add BRAS clients
edit /etc/raddb/users to add users
invoke radiusd via "/usr/sbin/radiusd -xxyz -l stdout" for debugging capabilities,
otherwise, just go to /etc/init.d and "./radiusd start"
radwho
radtest user passwd localhost 0 testing123
15) To disable password aging (Solaris):
edit /etc/default/passwd to be:
#ident "@(#)passwd.dfl 1.3 92/07/14 SMI"
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6
Issue the following command for all users, including root, e.g.:
passwd -x -1 jdloop
16) Setting up the Linux SENDMAIL and POP3 server (dovecot)
??? Check to make sure the POP3/imap server, "dovecot", is running; turn it on and save it if need be. Users on PCs external to the mail server will need a POP email client to retrieve email from the mail server.
This site contains the best notes I found!
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers#A_General_Guide_To_Using_The_sendmail.mc_File
For sendmail:
Make sure /etc/hosts has the FQDN of the host:
"127.0.0.1 mail.sntlabs.com localhost.localdomain localhost"
Make sure /etc/resolv.conf has "domain sntlabs.com" and "nameserver 205.152.56.182"
If you only want to SEND mail, then there is usually nothing you have to do. If your domain (such as "clan" or "loop") is bogus, then the mail server you are connecting to may elect to reject based on a nonexistent domain. But it may not! Send it to a mail server, such as mail.sntlabs.com, which you CONTROL, and add to the access file "accept clan"
If you want to accept mail for delivery as well, then the situation is more complicated…
Be root. Edit sendmail.mc.
-If you MUST use a relay, change the relay smarthost to "mail.bellsouth.net" OR "mail.sntlabs.com"
-If you do NOT have to use a relay, just leave this commented out. The mail server will connect directly to the foreign mail server once it finds that server's MX entry in DNS.
A relay may be required if your ISP does NOT allow you to connect to the smtp port on any ISP other than your own. In this case, you must relay thru your own ISP.
-The best way to test is to try "telnet gateway1.att.net smtp" e.g., or ANY foreign email server, depending where you are. You will actually be talking to the mail server if this works…. If this works, then you do NOT need to relay thru your ISP smtp server. You can connect DIRECTLY to the endpoint SMTP server.
-Change MASQUERADE_AS and MASQUERADE_DOMAIN to your domain, e.g. sntlabs.com
Watch out: if you change masquerade_as to sntlabs.com, and your machine resolves to an sntlabs.com address because it is NAT'd behind an sntlabs.com address, the mail will be delivered to this machine…
-Comment out the DAEMON_OPTIONS line (prefix it with dnl #) to allow sendmail to listen on all interfaces. If you do not do this, you will ONLY be able to send mail from the box, since sendmail will only listen on 127.0.0.1.
-Change the domain in LOCAL_DOMAIN to sntlabs.com
Install the sendmail-cf package by running "yum install sendmail-cf"
This is installed in /usr/share/sendmail-cf (for some reason).
----on later Linux, it all seems to be there..? in /etc/mail
QUOTE: "If you need to change your sendmail configuration file sendmail.cf (via changing sendmail.mc), you need to install the sendmail-cf package."
Apparently, fedora ships with a simple sendmail.mc/sendmail.cf which works for sending/receiving mail ON the host. It did NOT come with the sendmail-cf package!
Stop sendmail via /etc/init.d/sendmail stop
Now do a "make -C /etc/mail". sendmail.cf should be generated from the changed sendmail.mc file. Check the dates on the files to verify. A plain "make" run in the /etc/mail directory also works.
Start sendmail via "/sbin/service sendmail start"
Now we need to modify some access list to let the sendmail box accept SMTP connections from the sntlabs.com address spaces.
For the "access" file:
Remember that the mail server will appear as a RELAY if you want an email client on a PC to send mail to domains other than the machine-local sntlabs.com. SO you must enable RELAYing of some sort. Anybody can actually SEND mail to sntlabs.com, because this is NOT a RELAY function. So beware of spam when they pick up usernames on sntlabs.com.
-edit the "access" file to add the sntlabs.com domain to relay. See NOTE below. The problem is that spammers can fake the FROM as "user@sntlabs.com" and I will relay….
-edit the "access" file to add the subnets you will allow, such as "216.77.106.0/24" "205.152.56.0/24" etc. This may be necessary since these PCs do not "appear" in the sntlabs.com domain. NOTE: see note below. I think the correct syntax is "205.152.56" e.g.
As long as the IP address has a reverse DNS entry, the mail server will RELAY.
AS of 9-10-06 I now have "sntlabs.com ACCEPT" and "sntlab.bls.com REJECT" in the access file. "sntlab.bls.com" is the old domain of wrenn.
216.77.106.0/24
68.153.4.0/24
68.153.78.0/24
68.153.79.0/24
70.158.190.0/24
205.152.56.0/24
This will all give dsl[1,2,3,4,5,6]-xxx-sntlab.bls.com [or dsl[1,2,3,4,5,6]-xxx-sntlabs.com once domain move is accomplished], and will allow any email client setup in our subnets to use the mail server.
NOTE: 8-30-06: reverse stuff fixed, sntlab.bls.com removed…
NOTE: 12-1-06: above networks added to “access”
NOTE: 12-5-06: had to add “sntlabs.com” back into access file.
Rerun the "make -C /etc/mail" to create the new access.db file. Stop and restart sendmail as before.
NOTE: 12-5-06: turn OFF "FEATURE(`relay_based_on_MX')" by adding dnl in front. In the access file, just list the networks in the correct syntax - 205.152.56 e.g.
In the local-host-names file, add "sntlabs.com" or the domain you will accept mail for. This means this mail server "accepts responsibility" for these names. Not really sure what this means yet…..
NOTE: 12-8-06: I removed sntlabs.com from this file.
In virtusertable file are users which are on this mail server. This file tells sendmail what to do with this mail when received and addressed to these users.
6-7-2007: added sntlabs.com and clan to local-host-names file. Tells sendmail which domains it accepts mail for. Not sure how useful this is.
6-7-2007: enabled “RELAY based on MX” i.e. only relay mail if I am the MX for this IP.
MAIL RELAY TESTING: http://www.abuse.net/cgi-bin/relaytest
Use "sendmail -v jdloop@bellsouth.net" to see the complete SMTP exchanges between the servers.
To use procmailrc:
To discard mail to root that does not come from sntlabs.com, e.g., create a .procmailrc file in the /root directory:
# condition: extract the From: header with formail; true when it does NOT contain @...sntlabs.com
:0
* ? formail -x"From:" | grep -iv @.*sntlabs\.com
/dev/null
16A) Setting up a Linux box to use sendmail as a "client"
It is safe to use sendmail on an Internet-connected box for SENDING mail, because the default sendmail only LISTENs on 127.0.0.1. Thus any user ON the box can SEND mail to an outside user. Can use this for cron email and the like. Just change the smarthost as shown below. If you don't need to send mail OUTSIDE the box, then the default sendmail config will work just fine - sending mail to users ON the box.
- make sure sendmail is installed: "yum install sendmail"
- make sure sendmail-cf is installed: "yum install sendmail-cf"
- edit /etc/mail/sendmail.mc to change the smarthost to the mail server you want to use, such as "mail.sntlabs.com"
- run "make -C /etc/mail" to create the new sendmail.cf
- edit /etc/hosts to insert the FQDN in place of "localhost.localdomain"
- edit /etc/resolv.conf to add "domain sntlab.bls.com". This domain corresponds to the six IP address spaces we use around here, although it isn't really a "domain" as such. When you do an nslookup on one of the addresses, such as 68.153.4.216, you will get "dsl2-216.sntlab.bls.com". The mail relays, like mail.sntlabs.com and mail.bellsouth.net (used by mail.sntlabs.com), apparently do a reverse DNS lookup on the IP address, and there had better be an entry.
NOTE: note changed domain to "sntlabs.com"
- start sendmail via "/sbin/service sendmail start"
- make sure it starts at boot via "/sbin/chkconfig --level 2345 sendmail on"
16b) Setting up a Solaris box on clan to send mail to sntlabs.com
- add an entry in the hosts file: "205.152.56.181 mail.sntlabs.com"
- make sure the hostname is FQDN: "222.1.1.123 ascend1.clan ascend1 ….
- set a host-specific route to the internet gateway, viz (Solaris syntax): "route add -host mail.sntlabs.com 222.1.1.250"
- In the sendmail.cf file, look for DS and set it to 'DSmail.sntlabs.com'.
- bounce sendmail
NOTE: This will only allow mail to terminate on the sntlabs.com mail server, because if you try to send to “imcingular.com” e.g. it will complain about the “fake” domain clan.
NOTE: I need to figure out how to rewrite domain to sntlabs.com for these emails to be sent/relayed to other domains. Right now imcingular.com email server complains about fake domain clan it finds in FROM.
NOTE: Just use a .forward file in the user’s home directory. [chmod 744 so not group writable for some reason]. This apparently forwards the file with the FROM address using the VALID sntlabs.com domain!!
16c) Mail log files
- on Linux the log is at /var/log/maillog
- on Solaris the log is /var/log/syslog
These notes were recorded when I transferred sendmail and dovecot from 192.168.254.253 to 192.168.254.248.
1. Make sure 248 has "mail.loop.com" (FQDN) in /etc/hosts (in addition to "www.loop.com", "loop.com", "johnloop.com")
2. In sendmail.mc, enable listening on 248. This is a "diff sendmail.mc sendmail.mc.orig" on a fedora 11 box (< lines are the new file, > lines the original):
[root@www mail]# diff sendmail.mc sendmail.mc.orig
26c26
< define(`SMART_HOST', `mail.loop.com')dnl
---
> dnl define(`SMART_HOST', `smtp.your.provider')dnl
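Review bot: SMART_HOST here is set to mail.loop.com, which step 1 says is this very box (248), so any non-local mail would be handed back to the host itself; on the server keep the .orig form with the define commented out by dnl, and set SMART_HOST only on the client boxes that relay through it (as in section 16A).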
116c116
< DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
---
> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
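Review bot: removing Addr=127.0.0.1 makes this DAEMON_OPTIONS line bind port 25 on every interface rather than the loopback only, so anything that can reach the box can now open an SMTP session; make sure the access-file relay rules from section 16 and the port-25 firewall rule in step 6 are in place before sendmail is restarted with this change.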
Not sure i need the SMART_HOST change.... Definitely need to change the DAEMON options to listen on all interfaces (delete Addr=127.0.0.1)
3. Change the address of "mail.loop.com" in the DNS server - db.loop
4. turn off sendmail on 253 - service sendmail stop
5. Dovecot settings on 248, changes (< lines are the new file, > lines the original):
[root@www technical]# diff /etc/dovecot.conf /etc/dovecot.conf.original
218c218,219
< # mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
---
> # mail_location = maildir:~/Maildir
> # mail_location = mbox:~/mail:INBOX=/var/mail/%u
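Review bot: the added line is commented out, so this hunk changes nothing; the effective setting is the uncommented mail_location in the next hunk, and the duplicate comment can be dropped so the two copies cannot drift apart.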
221d221
< mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
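Review bot: this mail_location puts the INBOX at /var/spool/mail/%u but every other folder under ~/mail, which is what the "~/mail" question below is about; each user's home directory therefore has to be writable by that user so dovecot can create ~/mail on first login.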
Just need to enable the "/var/spool/mail/%u" place for the mail location. Don't know about the ~/mail.
Also, I THINK I need pam changes: change /etc/pam.d/dovecot to be:
[root@www mail]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth       required     pam_unix.so nullok
account    required     pam_unix.so
6. Make sure the firewall allows port 25 in and port 110 in.
7. If using selinux, may need to enable some sendmail and dovecot things.
8. Change mail client to use the new mail server/pop3 server
You may have to add a new "outgoing SMTP server" for your private network. Point the private account to this SMTP server. Otherwise it will send to the default SMTP server on the Internet.
17) Setting up a VNC server in Linux Fedora.
-make sure the vnc server is installed via "rpm -q vnc-server" (yum install vnc-server if necessary)
-go to the file /etc/sysconfig/vncservers and add a line at the end of the file listing each user: VNCSERVERS="1:jdloop 2:pspecht 3:sstill"
A process is started for each user that listens on the subsequent ports 5901, 5902, 5903, etc. This is apparently unlike the vncserver that gets installed on windows, where there is only one process which takes you to the desktop, where the user can login. In vnc for linux, the vnc client takes you to the individual user's desktop!
-in the login directory for each user (logged in as that user), enter the cmd "vncpasswd" and create the vnc password
-restart vncserver via "/etc/init.d/vncserver restart"
-Once you restart vncserver, it creates an xstartup file in the .vnc directory of each user.
-it also creates a log file in the .vnc directory. As of FC5, there is a problem that keeps adding to the log, so there is a file-fillup problem. I create a script "vnclogcleanup" in which I rm the log file and then re-touch it, and add this to the crontab to execute it every hour.
-in each user's .vnc directory, uncomment two lines in xstartup. This is necessary to have a proper desktop. You will have to bounce the user's shell, or restart vncserver, to make it work..
-vncviewer to 222.1.1.78:1 for user jdloop, 222.1.1.78:2 for user pspecht, 222.1.1.78:3 for user sstill
-Login on the console as each user and you may find a "remote desktop control" under preferences. Modify as appropriate - I only found it on FC5, not FC4.
You can also use a browser: http://222.1.1.78:5801 for jdloop, 5802 for pspecht, 5803 for sstill.
To verify the setup, issue "netstat -an | grep 590" to see the listening ports. There should be one for each user.
NOTE: in FC5, watch the log file in the .vnc directory. This will fill up your file system if you are not careful. Do not know of a way around it right now except to do a cron job to rm it occasionally.
I have noticed in FC7 (maybe there before….?) you can go into system->preferences->internet and network->remote desktop and enable "remote desktop." This is VNC like you run with windows - it just sends you to the desktop, and asks for a password. No individual user stuff. I am not sure how to enable this from the cmd line.
18) using ssh:
- ???? to accept a changed host key when the server machine changed: "ssh-keygen -R hostname" removes the old entry (or go into the .ssh directory and edit the known_hosts file to delete the old IP entry)
- ssh -p 222 for a port different than 22
- ssh -l username if different than the present environment
- ssh -X (capital X) enables X11 forwarding. Then just start the app, no need to set DISPLAY.
- ~. escapes (terminates) the ssh session
- e.g.: ssh -X -p 222 -l jdloop 205.152.56.182
ssh to 205.152.56.182 on port 222, user jdloop, and allow X forwarding
Tunneling over ssh:
Using the linux VNC client
In the server config /etc/ssh/sshd_config enable GatewayPorts, AllowTcpForwarding and X11Forwarding (and ForwardX11 in the client config /etc/ssh/ssh_config), and set the applicable Port you are using, which should probably NOT be 22 if you have an ssh server listening on the Internet! You may have to figure out exactly how to enable these in the config files….
On the client, to run vncviewer thru the tunnel:
"ssh -L 5900:192.168.1.32:5900 -p 222 68.153.4.195"
192.168.1.32 is the machine on the private LAN (on the far end, behind the NAT/router); 68.153.4.195 is the Internet address of the private NAT LAN router (assuming we are hitting a NAT/router on the other end). The NAT router has to be configured to forward port 222 to the Linux sshd server, which is running on the private LAN.
If you do a "netstat -an | grep 5900" you will apparently NOT see the port 5900 connection to 192.168.1.32 until you actually make the connection with vncviewer!
NOW in a SEPARATE window on the client PC, issue "vncviewer" for linux, or start your VNC client, and enter the server as "localhost" (or 127.0.0.1). The "password" window that pops up is from the destination machine at 192.168.1.32. Enter the password you configured on that VNC server.
The trick is that "-L 5900" means that localhost is listening on port 5900 and will forward to 192.168.1.32 port 5900 (or whatever port you list) over the existing ssh connection.
Using the putty VNC PC client
In the putty client, go to tunnels, and enter "5900" in source port. Enter "192.168.1.32:5900" in the Destination address. Click "add."
Go back to "session" and enter the destination IP address, and the port number if different from 22. Login to the remote ssh server.
NOW start the VNC client (viewer) and specify "localhost" as the server. Enter the password that you configured on the remote VNC server.
Using X over ssh
You must have X forwarding enabled in sshd_config and ssh_config, or in the putty configuration. In the original ssh window, where you have logged in and are talking to the ssh server, just enter an X command, such as "/usr/X11R6/bin/xclock", and the xclock will pop up on your desktop (as long as you have an X server running!). The DISPLAY variable is normally already set on the remote side as "localhost".
Slick!
Just do an "ssh -X remotemachine". On the remote machine, you do NOT need to set the display variable. Just start the X app. You will not typically see an X server running at port 6000 in this case..
Using RDP over ssh
If you have WinXP pro, then you can probably run RDP over the ssh tunnel by using port 3389.
19) using scp
This uses the ssh protocol over the ssh port. It will use the existing logged-in user for both machines, and will ask for the password for the far end.
To change the user, write it as "user@host" for the far end (scp has no "-l user" option; in scp -l limits bandwidth).
- scp source destination
e.g. scp 222.1.1.51:file.txt . (OR new file name) [to copy from there to here]
e.g. scp file.txt 222.1.1.51:newfile.txt [to copy from here to there]
e.g. scp -P 222 file.txt user@205.152.56.155:newfile.txt [to copy from here to there as a different user, on a different ssh port]
20) using sftp
-pretty much the same
21) Using cron in linux
To set up a cron file for root execution, I believe you can just create a script file, put it in cron.daily, cron.weekly or cron.monthly, chmod 644 on the file and root will execute it. These files are in /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly. The file /etc/crontab invokes these files…. You can also do the normal cron entry, via creating a file of scripts and issuing "crontab file"
When you create a cron, and issue "crontab file", it puts the file under the user's name in the /var/spool/cron directory. The crond daemon checks this every minute, I think, to find something to execute..
As a user, in the home directory, create a file with the commands to run, "foo" for example:
cd
tar cvf directory.tar .
tftp 222.1.1.61 -c put directory.tar
create a cron file "foo.cron" to describe the frequency to run, for example:
10 3 * * * /home/jdloop/foo
The format is "minute" "hour" "day" "month" "dayofweek" cmd
This command runs foo at 3:10 AM every day
0 * * * * /home/jdloop/foo
This command runs every hour, on the hour
chmod +x on foo (the script; the foo.cron schedule file itself need not be executable)
issue "crontab foo.cron" to register with the system cron daemon.
[naming the file with a ".cron" suffix does NOT appear to be necessary….]
root will create the /var/spool/cron/jdloop entry and run the cmd as instructed
issue "crontab -l" to see the cron jobs
issue "crontab -e" to edit the crontab
issue "crontab -r" to remove the cron jobs (as the user you are creating cron jobs for…)
issue "crontab file.cron" to OVERWRITE the previous crontab file FOR THIS USER ?? I think you can just edit the foo file and crond will pick up the new file
BE CAREFUL issuing "crontab file": DO NOT DO THIS AS ROOT - it is USER dependent, NOT directory dependent
For solaris (linux?): add the user to cron.allow to allow the user to create cron files. You may have to "merge this" as well.
Each line in the /etc/crontab file represents a task and has the format:
SYNTAX: minute hour day month dayofweek command
minute — any integer from 0 to 59 BEWARE- “0” means it will keep doing it I think
hour — any integer from 0 to 23
day — any integer from 1 to 31 (must be a valid day if a month is specified)
month — any integer from 1 to 12 (or the short name of the month such as jan, feb, and so on)
dayofweek — any integer from 0 to 7, where 0 or 7 represents Sunday (or the short name of the week such as sun, mon, and so on)
command — the command to execute (The command can either be a command such as ls /proc >> /tmp/proc or the command to execute a custom script that you wrote.)
For any of the above values, an asterisk (*) can be used to specify all valid values. For example, an asterisk for the month value means execute the command every month within the constraints of the other values.
A hyphen (-) between integers specifies a range of integers. For example, 1-4 means the integers 1, 2, 3, and 4.
A list of values separated by commas (,) specifies a list. For example, 3, 4, 6, 8 indicates those four specific integers.
The forward slash (/) can be used to specify step values. The value of an integer can be skipped within a range by following the range with /. For example, 0-59/2 can be used to define every other minute in the minute field. Step values can also be used with an asterisk. For instance, the value */3 can be used in the month field to run the task every third month.
Any lines that begin with a hash mark (#) are comments and are not processed.
As you can see from the /etc/crontab file, it uses the run-parts script to execute the scripts in the /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, and /etc/cron.monthly directories on an hourly, daily, weekly, or monthly basis respectively. The files in these directories should be shell scripts.
If a cron task needs to be executed on a schedule other than hourly, daily, weekly, or monthly, it can be added to the /etc/cron.d directory. All files in this directory use the same syntax as /etc/crontab. Refer to Example 28-1 for examples.
# record the memory usage of the system every monday
# at 3:30AM in the file /tmp/meminfo
30 3 * * mon cat /proc/meminfo >> /tmp/meminfo
# run custom script the first day of every month at 4:10AM
10 4 1 * * /root/scripts/backup.sh
Example 28-1. Crontab Examples
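As an added example (not from these notes or the Red Hat text above), the following POSIX shell script expands the five schedule fields of a crontab line into the explicit values they match, using the ranges listed above. It handles the asterisk, ranges, comma lists and step values, and rejects anything malformed or outside a field's range. Numeric fields only: the short names (jan, mon, ...) are not handled. Run over the “0 * * * *” line from earlier it shows minute 0 of every hour 0..23, which is why that entry runs hourly.

```shell
#!/bin/sh
# Added example, not part of the notes: expand crontab schedule fields into the
# values they match (numeric fields only; names such as mon/jan are not handled).

# expand_cron_field FIELD MIN MAX
# Prints the integers matched by FIELD ("*", "a-b", "a,b,c", "x/n" or any
# combination of these), space separated. Returns 1 if FIELD is malformed or
# any part falls outside MIN..MAX.
expand_cron_field() {
    field=$1 min=$2 max=$3 out=""
    rest="$field,"                       # trailing comma simplifies the split
    while [ -n "$rest" ]; do
        item=${rest%%,*}
        rest=${rest#*,}
        step=1
        case $item in
            */*) step=${item#*/} item=${item%%/*} ;;   # "a-b/n" or "*/n"
        esac
        case $item in
            '*') lo=$min hi=$max ;;
            *-*) lo=${item%%-*} hi=${item#*-} ;;
            *)   lo=$item hi=$item ;;
        esac
        # every part must be a non-empty decimal integer
        for n in "$lo" "$hi" "$step"; do
            case $n in
                ''|*[!0-9]*) echo "bad field: '$field'" >&2; return 1 ;;
            esac
        done
        if [ "$lo" -lt "$min" ] || [ "$hi" -gt "$max" ] \
           || [ "$lo" -gt "$hi" ] || [ "$step" -lt 1 ]; then
            echo "'$item' is outside $min-$max" >&2
            return 1
        fi
        v=$lo
        while [ "$v" -le "$hi" ]; do
            out="$out $v"
            v=$((v + step))
        done
    done
    printf '%s\n' "${out# }"
}

# check_crontab_line "MIN HOUR DAY MONTH DOW COMMAND ..."
# Validates the schedule part of one crontab entry and prints
# "minutes|hours|days|months|daysofweek|command" so the expansion can be read.
check_crontab_line() {
    set -f                               # the "*" fields must not glob
    set -- $1
    set +f
    [ $# -ge 6 ] || { echo "need five schedule fields plus a command" >&2; return 1; }
    mi=$(expand_cron_field "$1" 0 59) || return 1
    ho=$(expand_cron_field "$2" 0 23) || return 1
    da=$(expand_cron_field "$3" 1 31) || return 1
    mo=$(expand_cron_field "$4" 1 12) || return 1
    dw=$(expand_cron_field "$5" 0 7)  || return 1
    shift 5
    printf '%s|%s|%s|%s|%s|%s\n' "$mi" "$ho" "$da" "$mo" "$dw" "$*"
}

# Lines from the notes above; the second one shows why "0 * * * *" is hourly
check_crontab_line '10 3 * * * /home/jdloop/foo'
check_crontab_line '0 * * * * /home/jdloop/foo'
```

Feed it the lines you are about to install with “crontab file” and you see at once whether “*/3” in the month field means months 1, 4, 7, 10 (it does) and whether a stray “60” in the minute field will be rejected.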
Users other than root can configure cron tasks by using the crontab utility. All user-defined crontabs are stored in the /var/spool/cron directory and are executed using the usernames of the users that created them. To create a crontab as a user, login as that user and type the command crontab -e to edit the user's crontab using the editor specified by the VISUAL or EDITOR environment variable. The file uses the same format as /etc/crontab. When the changes to the crontab are saved, the crontab is stored according to username and written to the file /var/spool/cron/username.
The cron daemon checks the /etc/crontab file, the /etc/cron.d/ directory, and the /var/spool/cron directory every minute for any changes. If any changes are found, they are loaded into memory. Thus, the daemon does not need to be restarted if a crontab file is changed.
28.1.2. Controlling Access to Cron
The /etc/cron.allow and /etc/cron.deny files are used to restrict access to cron. The format of both access control files is one username on each line. Whitespace is not permitted in either file. The cron daemon (crond) does not have to be restarted if the access control files are modified. The access control files are read each time a user tries to add or delete a cron task.
The root user can always use cron, regardless of the usernames listed in the access control files.
If the file cron.allow exists, only users listed in it are allowed to use cron, and the cron.deny file is ignored.
If cron.allow does not exist, all users listed in cron.deny are not allowed to use cron.
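The allow/deny rules just described, as an added shell example (not from the notes): a function that reproduces the decision crontab makes, which you can point at the real /etc/cron.allow and /etc/cron.deny or, as in the demonstration, at constructed copies in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the notes: the cron.allow / cron.deny decision.

# cron_allowed USER [ALLOW_FILE] [DENY_FILE]
# Returns 0 if USER may use crontab, 1 otherwise:
#   - root is always allowed
#   - if ALLOW_FILE exists, only the users listed in it are allowed and
#     DENY_FILE is ignored
#   - otherwise every user except those listed in DENY_FILE is allowed
# Each file holds one username per line (-x: whole line, -F: no regex).
cron_allowed() {
    user=$1
    allow=${2:-/etc/cron.allow}
    deny=${3:-/etc/cron.deny}
    [ "$user" = root ] && return 0
    if [ -f "$allow" ]; then
        if grep -qxF -- "$user" "$allow"; then return 0; else return 1; fi
    fi
    if [ -f "$deny" ] && grep -qxF -- "$user" "$deny"; then
        return 1
    fi
    return 0
}

# Demonstration with constructed access files: jdloop is in both files,
# guest only in cron.deny. With cron.allow present, cron.deny is ignored.
demo_dir=$(mktemp -d)
printf 'jdloop\n' > "$demo_dir/cron.allow"
printf 'jdloop\nguest\n' > "$demo_dir/cron.deny"
for u in root jdloop guest; do
    if cron_allowed "$u" "$demo_dir/cron.allow" "$demo_dir/cron.deny"; then
        echo "$u: allowed"
    else
        echo "$u: denied"
    fi
done
rm -rf "$demo_dir"
```

Called with a single argument it checks the real files on the box, which is a quick way to see why a user's “crontab file” is being refused.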
28.1.3. Starting and Stopping the Service
To start the cron service, use the command /sbin/service crond start. To stop the service, use the command /sbin/service crond stop. It is recommended that you start the service at boot time. Refer to Chapter 14 Controlling Access to Services for details on starting the cron service automatically at boot time.
If your editor is all messed up and you can't use vi/default editor, just create the script with any editor, and:
1. For root, you can create the script in the / directory.
2. Go to /var/spool/cron/crontabs and edit the "root" file to add the script and its time of execution.
3. Restart the cron daemon via "svcadm restart cron"
22) Setting up mediawiki on Fedora core Linux
1) as root, install the following packages:
yum install mediawiki (this also installs perl-DBI, mysql[DB client] and php-mysql)
yum install mysql-server [the actual DB server mysqld] [you have the option of installing this when you install linux fedora…..]
2) you can start mysqld via “service mysqld start” and check port 3306 via “netstat -an | grep 3306”. This also creates a DB in /var/lib/mysql
3) stop and restart the httpd service via “service httpd restart”
4) On the host where mysql and httpd are installed, there is a /var/log/mysql.log
5) start the mysql client via “mysql -u root” [mysqld must be running to do this]
in response to prompt, “use mysql;” [this apparently tells sql to use DB in /var/lib/mysql..] Issue commands: [double quotes NOT necessary….]
“update user set Password=PASSWORD('XXXXXX') where User='root';” SINGLE quotes, NOT grave quotes [without the where clause this statement resets the password of every account in the user table, not just root]
“flush privileges;”
“exit;” [this sets the password on the mysql client, NOT the DB]
Ctrl-C to exit… I guess…
You can always connect to the DB using “mysql -u root -p” and entering the password “XXXXXX”
“service mysqld stop”
“service httpd stop”
“service mysqld start”
“service httpd start”
on local host, [you may have to start firefox as root from a cmd line “firefox&”] browse to http://localhost/mediawiki/index.php to run install script. Or run VNC to server if you have it set up, and run firefox on desktop..
- click on setup the wiki
- Specify a name – do not use “mediaWiki” ?? [read the comment]
- set Sysop account and passwd WikiSysop/XXXXXX OR WikiSysopww2/XXXXXX [Lets you administer mediawiki??]
- disable email stuff for now
- set DB “wikidb” user/passwd “wikiuser/XXXXXX” OR “wikiuser/XXXXXX” [The install script can do this if you give it the DB root passwd in next command..] [I think I changed “wikidb” to “root” on some systems….]
- DB superuser root/passwd “XXXXXX” (NOT the linux root passwd)
If the install is reported as successful:
- copy /var/www/mediawiki/config/LocalSettings.php to parent directory.
- Protect the config directory via chmod -w /var/www/mediawiki/config
To enable uploading of files onto the mediawiki, you must change the one setting in the LocalSettings.php file (config directory) and then copy it to the parent directory. It will take effect automatically. You must also make the images directory writable, via “chgrp apache images” and “chmod 770 images”
To allow files other than jpg, ogg to be uploaded, you must add that capability to LocalSettings.php. Look at examples in /includes/DefaultSettings.php – you must add the line to LocalSettings.php ONLY!
PHP has an upload limit of 2MB. Edit php.ini, find “upload” and change to 10MB. Restart httpd
To enable thumbnails, you must install “ImageMagick” via “yum install ImageMagick”. This installs /usr/bin/convert.
You must also change a couple settings in LocalSettings.php:
- $wgUseImageResize and $wgUseImageMagick to true
Uploading non-image files
By default, MediaWiki only allows you to upload certain types of files (extensions gif, jpg, jpeg, ogg and png). This is managed by this line in includes/DefaultSettings.php:
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'ogg' );
If you want to be able to upload other file types, for instance ZIP files you
must add this line to LocalSettings.php:
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'ogg', 'zip');
Caution: do not modify the line in DefaultSettings.php because it will break when updating
Also you may find php and apache limit the filesize of uploads too giving spurious messages on the upload page such as "The file you uploaded seems to be empty. This might be due to a typo in the file name. Please check whether you really want to upload this file." See Q: What affects the maximum file size which can be uploaded? on this page for details: http://meta.wikimedia.org/wiki/Uploading_files#Frequently_Asked_Questions. (It might be better to have this information conglomerated more centrally).
Take in account there is a blacklist of file extensions in includes/DefaultSettings.php:
$wgFileBlacklist = array(
# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm',
# PHP scripts may execute arbitrary code on the server
'php', 'phtml', 'php3', 'php4', 'phps',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py',
# May contain harmful executables for Windows victims
'exe', 'scr', 'dll', 'msi',
'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
23) Setting up VSFTPD on Linux
- yum install vsftpd, if not already installed
- the default install allows anonymous FTP, but does NOT allow uploads or directory creation. Go into /etc/vsftpd/vsftpd.conf and uncomment these variables in the file to allow anonymous ftp
- anon_mkdir_write_enable=YES
- anon_other_write_enable=YES
- anon_upload_enable=YES
- anonymous_enable=YES
- write_enable=YES
NOT setting these variables will allow normal FTP to a user
Restart vsftpd. You must also change the /var/ftp directory to be owned by user “ftp” and group ftp. Create an “upload” directory and change the permissions on directory to 0777 to allow writes.
- the default install allows individual users to ftp in. They are placed in their home directory, unlike anonymous ftp where they are placed in /var/ftp
- watch SELINUX: If enabled, you must go into the security panel, selinux, and enable the FTP stuff
- consider using scp instead of ftp. E.g. “scp -P 222 file 205.152.56.155:file”
- note CAPITAL P, as opposed to small p in ssh!
- as user jdloop, it will ask your passwd for the remote system.
- must accept the key the first time.
- must have a login on the remote system.
Vsftpd options: http://vsftpd.beasts.org/vsftpd_conf.html
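An added check, not from the notes, for the settings listed above: a shell script that reads a vsftpd.conf and reports which anonymous-write options are actually in effect. Only uncommented “option=value” lines count, which is why the instruction says to uncomment them; a line that still starts with “#” changes nothing. The script assumes later lines override earlier ones and falls back to vsftpd's documented defaults (anonymous_enable YES, the write options NO) when an option is absent. The sample configuration is constructed inline; pass /etc/vsftpd/vsftpd.conf to check a real one.

```shell
#!/bin/sh
# Added example, not from the notes: show which anonymous-write options a
# vsftpd.conf really enables.

# vsftpd_option FILE KEY
# Prints the value of KEY from the last uncommented "KEY=value" line in FILE,
# or "unset" if there is no such line.
vsftpd_option() {
    value=$(grep -v '^[[:space:]]*#' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1)
    printf '%s\n' "${value:-unset}"
}

# vsftpd_bool FILE KEY DEFAULT
# Effective value of a boolean option, using DEFAULT when the option is unset.
vsftpd_bool() {
    v=$(vsftpd_option "$1" "$2")
    [ "$v" = unset ] && v=$3
    printf '%s\n' "$v"
}

# anon_write_enabled FILE
# Returns 0 if the file lets anonymous users write: anonymous_enable=YES
# (default YES), write_enable=YES (default NO) and at least one of the
# anon_*_enable options set to YES (all default NO).
anon_write_enabled() {
    [ "$(vsftpd_bool "$1" anonymous_enable YES)" = YES ] || return 1
    [ "$(vsftpd_bool "$1" write_enable NO)" = YES ] || return 1
    for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        [ "$(vsftpd_bool "$1" "$k" NO)" = YES ] && return 0
    done
    return 1
}

# anon_write_report FILE: one line per relevant option plus a verdict
anon_write_report() {
    for k in anonymous_enable write_enable anon_upload_enable \
             anon_mkdir_write_enable anon_other_write_enable; do
        d=NO
        [ "$k" = anonymous_enable ] && d=YES
        printf '%-24s %s\n' "$k" "$(vsftpd_bool "$1" "$k" "$d")"
    done
    if anon_write_enabled "$1"; then
        echo "=> anonymous users can write into the FTP tree; check ownership and permissions under /var/ftp"
    else
        echo "=> anonymous writes are off"
    fi
}

# Demonstration on a constructed config: the upload option is still commented
# out, but mkdir is enabled, so anonymous writes are on.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample, not a real vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
anon_mkdir_write_enable=YES
EOF
anon_write_report "$demo"
rm -f "$demo"
```

The value is printed exactly as written, so a typo such as “YEs” shows up in the report; check any spelling other than YES/NO against the vsftpd.conf man page rather than assuming it is accepted.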
24) Setting up httpd on Linux
- watch SELINUX: it seems to prohibit you from enabling the httpd port on any but the common ones, 80, 8080
25. Using the serial port on a Linux box
minicom: install from add/remove programs (serial port program)
Reconfigure minicom via “minicom -s”; run “minicom” to use it.
In the minicom setup, specify /dev/ttyUSB0 for the USB serial device, ttyS0 for the serial port.
9600 8N1 is usually necessary for most craft interfaces.
26. Using tar
“tar cvf filename.tar .” will create a tar file of everything in the directory in which you execute the cmd. Tar file is placed in this directory. You need the trailing “.”
“tar cvf /tmp/filename.tar .” will put the tar file in /tmp
“tar cvf filename.tar -X tar_exclude_file .” will create a tar file of everything in the directory, EXCEPT those files/directories listed in the “tar_exclude_file.”
“tar xvf filename.tar” will extract the tar file into the directory in which you execute the cmd.
“tar xvf /tmp/filename.tar” will extract the tar file “/tmp/filename.tar” into the directory in which you execute the cmd.
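An added example, not from the notes, of the “-X tar_exclude_file” form above: archive a directory while leaving out the paths named in an exclude file, then confirm from the member list what was and was not captured. The directory tree and the exclude file are constructed here for the demonstration; GNU tar is assumed.

```shell
#!/bin/sh
# Added example, not from the notes: tar with an exclude file, verified by
# listing the archive afterwards.

# make_tree DIR: a small project tree with a cache directory we do not want
make_tree() {
    mkdir -p "$1/src" "$1/cache"
    echo 'int main(void) { return 0; }' > "$1/src/main.c"
    echo 'notes' > "$1/README"
    echo 'junk' > "$1/cache/tmp.bin"
}

# archive_dir DIR ARCHIVE EXCLUDE_FILE
# Same as "cd DIR && tar cvf ARCHIVE -X EXCLUDE_FILE ." minus the chatter:
# -C DIR makes the members relative to ".", so the patterns in EXCLUDE_FILE
# are written the same way (./cache). Give EXCLUDE_FILE as an absolute path,
# since it is read before the -C directory change takes effect.
archive_dir() {
    tar -cf "$2" -X "$3" -C "$1" .
}

# archive_members ARCHIVE: print the member names, sorted
archive_members() {
    tar -tf "$1" | sort
}

# archive_has ARCHIVE MEMBER: 0 if MEMBER (exact name, e.g. ./src/main.c) is present
archive_has() {
    tar -tf "$1" | grep -qxF -- "$2"
}

# Demonstration in a temporary directory
demo=$(mktemp -d)
make_tree "$demo/project"
printf './cache\n' > "$demo/tar_exclude_file"      # one pattern per line
archive_dir "$demo/project" "$demo/project.tar" "$demo/tar_exclude_file"
echo "members of project.tar:"
archive_members "$demo/project.tar"
if archive_has "$demo/project.tar" ./cache/tmp.bin; then
    echo "cache WAS archived"
else
    echo "cache was excluded, as intended"
fi
rm -rf "$demo"
```

Listing the archive after creating it is the habit worth keeping: an exclude pattern that does not match the way the members were named (with or without the leading “./”) silently excludes nothing.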
27 Using arpwatch
Linux machines come with “arpwatch.” Install it if necessary. Place the line “/usr/sbin/arpwatch -e jdloop@sntlabs.com” in S99local.
This will mail changes in IP-MAC tables to this email (see config above for email).
“man arpwatch” will describe operation. /var/arpwatch/arp.dat will contain a table of current LAN MAC-IP assignments.
28 tcpdump on linux
/usr/sbin/tcpdump host mail.bellsouth.com
29 Setting up Open LDAP (Fedora-ds) on fedora 6 linux
http://directory.fedoraproject.org
/opt/fedora-ds/slapd-openldap/start-slapd -> start server
/opt/fedora-ds/start-admin -> start admin server
On external box to start console admin (java)
Make sure you have an X server running on your box.
1. ssh -l fedora6ldap 222.1.1.51
2. accept key, give password
3. su and cd to /opt/fedora-ds
4. export DISPLAY=YOURIP:0.0
5. ./startconsole &
30. Setting up bridging in Linux
yum install bridge-utils to get the “brctl” and “tc” commands
modprobe -v bridge to enable the bridging module.
The following cmds add a bridge between eth0 and eth1:
brctl addbr bridgename
brctl addif bridgename eth0
brctl addif bridgename eth1
ifconfig eth0 up
ifconfig eth1 up
ifconfig bridgename up
brctl show
“tc” commands can do traffic control, filtering and delay at layer 2. Do a “man tc”
31. Using partimage
On a box which you can use as a partimage server (plenty of disk space):
Boot knoppix, and assign an IP to the ifce via “ifconfig eth0 192.168.3.76 up”
Look at partitions via “cat /proc/partitions”
Create a partition using cfdisk if necessary.
Mount the partition via “mount /dev/hda1 /mnt/hda1” -- the “hda1” must match the spec in the /proc/partitions file.
chmod 0777 on the /mnt/hda1 directory.
Add root user to the /etc/partimaged/partimageusers file
Start partimaged via “partimaged -d /mnt/hda1”
On the Client which you wish to copy partitions.
assign IP to ifce via “ifconfig eth0 192.168.3.74 up”
“cat /proc/partitions” to look at partitions.
Do NOT mount the partitions.
Start partimage via “partimage” for gui, do a “man partimage” to see cmd line technique.
Select partition in list with CR, tab to remaining
Spec partimaged server IP, and give file name, including COMPLETE path, such as “/mnt/hda1/cms-74-boot.partimage”
Enter Login info using tab keys
Good luck
On the box that you want to construct:
Boot knoppix
Create the partitions exactly as they exist on the box to be cloned. You should be able to use “cfdisk” to do this.
Assign IP to ifce via “ifconfig eth0 192.168.3.77 up” e.g.
Do NOT mount the partitions.
Start partimage and spec the partition to create, the file on the server corresponding to it, and the server IP.
In general, if you want to ssh around, you need to start the ssh server via /etc/init.d/ssh start, and also set a root passwd.
You may also need to establish a route if you are off network, via “route add -net 222.1.1.0 netmask 255.255.255.0 gw 192.168.3.254”
When you first boot knoppix, look at “ifconfig -a” and see if you can tell which interface to use; there may be activity there…
32. Use of YUM on Fedora Linux
In /etc/yum.conf turn NO to Yes where needed
In /etc/yum.repos.d, in the fedora.repo and fedora-updates.repo, set enable = 1
Add the livna repo:
rpm -ivh http://rpm.livna.org/livna-release-7.rpm [this adds files]
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-livna [this adds the livna gpg public key]
The livna repo has all kinds of stuff which fedora cannot have, because fedora is ALL open source.
33. Use of ping in a cron to monitor IP address
Create a file “ping497shiloh”:
ping -c 1 497shiloh.dyndns.org || mail -s CAMERA jloop1@imcingular.com <<!
Check IP
!
chmod +x ping497shiloh
Create a file “497shiloh”:
10 * * * * /home/jdloop/ping497shiloh
DO “crontab 497shiloh”. This will put the 497shiloh entry in the crontab.
Beware that this sends you email on THIS box every time it executes the cron!!
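An added variant of the monitor above (not the script from the notes): it keeps the last known state in a file and only mails when reachability changes, so an outage produces one “down” message and one “back up” message rather than a message on every run. The host, the mail address, the state file and the use of Linux ping's -W timeout are assumptions to adjust; run it from cron as “10 * * * * /home/jdloop/ping_monitor run”.

```shell
#!/bin/sh
# Added example, not the notes' script: mail only on reachability changes.

HOST=${HOST:-497shiloh.dyndns.org}             # assumed target, from the notes
MAILTO=${MAILTO:-jloop1@imcingular.com}        # assumed recipient, from the notes
STATE_FILE=${STATE_FILE:-$HOME/.ping_monitor_state}   # assumed location

# probe HOST: 0 if one ICMP echo is answered within 5 s (-W is Linux iputils ping)
probe() {
    ping -c 1 -W 5 "$1" >/dev/null 2>&1
}

# transition STATE_FILE NEW
# Compares NEW (up/down) with the recorded state, records NEW, and prints
# one of: first, unchanged, went-down, came-up
transition() {
    old=unknown
    [ -f "$1" ] && old=$(cat "$1")
    printf '%s\n' "$2" > "$1"
    if [ "$old" = "$2" ]; then
        echo unchanged
    elif [ "$old" = unknown ]; then
        echo first
    elif [ "$2" = down ]; then
        echo went-down
    else
        echo came-up
    fi
}

# notify SUBJECT BODY: same mail(1) call as the heredoc in the notes
notify() {
    printf '%s\n' "$2" | mail -s "$1" "$MAILTO"
}

# run_monitor: one probe, one state update, mail only on a change
run_monitor() {
    if probe "$HOST"; then now=up; else now=down; fi
    case $(transition "$STATE_FILE" "$now") in
        went-down) notify "CAMERA $HOST DOWN" "Check IP: no reply from $HOST at $(date)" ;;
        came-up)   notify "CAMERA $HOST back up" "$HOST answered again at $(date)" ;;
        *)         ;;   # first run or no change: stay quiet
    esac
}

# Only act when invoked with "run", so the functions can be sourced or tested
case ${1:-} in
    run) run_monitor ;;
esac
```

The state file is what makes the difference: without it every cron run is independent and has to decide from a single ping alone, which is exactly the behaviour the warning above describes.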