Thursday, May 17, 2012
Notes Linux
Contents
- 32bit vs 64bit
- Bitmap Fonts
- CDwriting
- WinXP and Lilo booting sequence
- SSH Tunnelling Enabling and VNC
- SSH X11 port forwarding
- USB Mounting and /etc/fstab editing
- Loading Profiles
- Linux Firewall
- Linux Runlevels
- Block web-ads
- SELinux Configuration
- For using SELinux with cgi-bin and files in Symbolic links
- RPM
- Installing Source RPMs
- Linux Commands
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
32bit vs 64bit
==============
CPU 32 bit -> integer pointers are 32bits
2 to power 32 = 4e+09 about 4 Giga stuff
Real*8 is 8 bytes - i.e. 64 bits but these are a separate thing
altogether from integer pointers.
Pointers (a C/C++ concept - alien to Fortran)
Consider an array of REAL*8 Arr(17:27)
there are 11 elements, i.e. from Arr(17), ...., Arr(27)
each element can be referenced with a pointer so we need 11 pointers.
but if the pointer size is 2^32 (4e+09),
so the max array size(w.r.t. #elements) possible is 4e09
Bitmap Fonts
============
Eg. Installing Korean Fonts
0. Log in as root
1. Download Korean Fonts and put into /scratch/chee/fonts/Korean-X
The files are:
hanglg16.pcf.gz hanglm16.pcf.gz hanglm24.pcf.gz
If the files are in bdf format then,
i) convert to pcf:
bdftopcf <file>.bdf
ii) compress it
gzip <file>.pcf
or
compress <file>.pcf
2. Create an index file for the fonts in that directory
mkfontdir /scratch/chee/fonts/Korean-X
this will create fonts.dir in the Korean-X directory
3. Tell the Xserver where to find the new fonts.
xset fp+ /scratch/chee/fonts/Korean-X
or
xset +fp /scratch/chee/fonts/Korean-X
to check the current X settings
xset q
to add this permanently, add the xset fp to .xinitrc
4. Refresh the Xserver setting when new fonts added if necessary
xset fp rehash
5. To view fonts in IRIX
xfd
CDwriting
=========
using cdrtools (cdrecord, mkisofs, etc..)
Ref: http://wt.xpilot.org/publications/linux/howtos/cd-writing/html/
1. Collect files and make a iso filesystem
mkisofs -r -o cd_image private_collection/
where
-r = Rockridge extns (deeper than 8 levels, permissions, etc)
-J = Joliet extensions - more MS Windows friendly
-o = output filename
-v = verbose
-x = exclude directory path
for second session only:
-C x,y = x is last session start, y is next session start
= use "cdrecord msinfo" to get -C x,y info
= must use with -M option
-M path = path where multi session is to merge. Usually path is
= place normally mount CDROM eg /mnt/cdrom
EG:
cd /scratch/chee/software
mkisofs -v -r -J -o firstImage.raw forWinPC/AdbeRdr601_enu_full.exe
*****
mkisofs 1.12.1 (i686-pc-linux-gnu)
61.14% done, estimate finish Fri Sep 10 16:32:27 2004
Total extents actually written = 8189
Total translation table size: 0
Total rockridge attributes bytes: 264
Total directory bytes: 0
Path table size(bytes): 10
Max brk space used 5544
8189 extents written (15 Mb)
*****
2. Test Image
Mount the iso image (cd_image) into the directory /cdrom, so you can check the directories.
mount -t iso9660 -o ro,loop=/dev/loop0 cd_image /cdrom
3. Writing to CD
to test the CD writer and get info
cdrecord -scanbus
to write to the CD
shell> SCSI_BUS=0 # taken from listing 1 "scsibus0:"
shell> SCSI_ID=6 # taken from listing 1 "TOSHIBA XM-3401"
shell> SCSI_LUN=0
shell> cdrecord -v speed=2 dev=$SCSI_BUS,$SCSI_ID,$SCSI_LUN \
-data cd_image
# same as above, but shorter:
shell> cdrecord -v speed=2 dev=0,6,0 -multi -data cd_image
where
-dummy = simulation (laser off)
-eject = eject after burning
-v = verbose
-multi = multi-session
-msinfo = get multi-session info
-toc = get table of contents
-data = data file (mode1 YellowBook)
-audio = audio files
speed=x = x is speed for writing
dev = 0,0,0 for parallel.hpc.unsw.edu.au
EG
cdrecord -dummy -v speed=2 dev=0,0,0 -multi -data firstImage.raw
4. For CDRW
writing the 2nd, 3rd sessions onwards
shell> NEXT_TRACK=`cdrecord -msinfo dev=0,6,0`
shell> echo $NEXT_TRACK
shell> mkisofs -R -o cd_image2 -C $NEXT_TRACK -M /dev/scd5 private_collection/ \
EG.
cdrecord -msinfo dev=0,0,0
0,19591
mkisofs -v -r -J -o secondImage -C 0,19591 -M /dev/cdrom forWinPC/Firewall
cdrecord -dummy -v speed=2 dev=0,0,0 -multi -data secondImage
WinXP and Lilo booting sequence
===============================
- Example for Slackware Linux
- use the linux diskette to startup linux
- login as root
- modify the /etc/lilo.conf file as follow:
lba32
boot = /dev/hda1
vga = 773
image = /boot/vmlinuz
root = /dev/hda1
label = Slackware <-- no space
read-only
- then do:
$ lilo -b /dev/hda1 <-- lilo on hda1
$ dd if=/dev/hda1 of=/dos/boot.lnx bs=512 count=1
$ shutdown -r now
- take out the linux boot diskette and re-boot the
system to WinXP, then do:
** copy the file from d:\dos\boot.lnx to c:\
** then, modify the file c:\boot.ini to include
following lines:
[boot loader]
timeout=30
[operating systems]
c:\boot.lnx = "Slareware Linux 9.1"
...
- re-start the Wxp and there should be an option on the Wxp
loader to boot to Linux partition.
- If you only want to boot to the Linux partition only, just set
the active partition to the Linux installation partition (in this
case, it is hda1) and reboot the Windows again.
SSH Tunnelling and VNC
======================
ssh -L x:localhost:y anotherhost
means connect to anotherhost using ssh and listen to port x on the local machine and forward any connections there to port y on anotherhost.
To start a VNC server type:
vncserver
To start a VNC viewer type:
vncviewer <name.of.remote.machine>:<display.number>
Using secure VNC with ssh, if a VNC server is running as display:1 on a system called linuxserver, you can start a secure SSH session by typing:
ssh -L 5902:localhost:5901 linuxserver
So now, connecting to port 5902 on a local machine actually connects to port 5901 on linuxserver. Thus to connect from a client machine:
vncviewer localhost:2
SSH X11 port forwarding
========================
On SSH server (remote host):
To check SSH is setup for X11 port forwarding, look at the file:
/etc/ssh/sshd_config
and see if the statement is present:
X11 Forwarding yes
then restart X11
/etc/init.d/sshd restart
On Cygwin (client):
- copy /etc/defaults/etc/ssh_config into ~/.ssh
- ensure the following are set:
ForwardX11 yes
ForwardX11Trusted yes
- DO NOT export DISPLAY=localhost:0.0
To ssh with X11 forwarding (may be different for different Unix/Linux)
ssh -X <name>@<host>
USB Mounting
=============
1. must be root to do this.
mount -t vfat /dev/sda1 /mnt/usb/
2. Alternatively, modify /etc/fstab file to have this line
/dev/sda1 /usbdisk vfat user,exec 1 1
Then any user can type
mount /usbdisk
and the files on the usb will have User's permissions
3. To unmount, type:
umount /mnt/usb/
or
umounut /usbdisk
Loading Profiles
================
/etc/profile -> /home/<user>/.profile -> /home/<user>/.bashrc
Master startup scripts are in /etc :
bashrc profile csh.cshrc csh.login
/etc/profile.d contains application specific Macro variables, eg.
java.sh java.csh
Linux Firewall
===============
/sbin/iptables --- executable
/etc/init.d/iptables --- script file
/etc/sysconfig/iptables --- configuration file
To stop firewall
/etc/init.d/iptables stop
To start firewall
/etc/init.d/iptables start
To check firewall
/sbin/iptables -L --line-numbers --- to see various rules
/sbin/iptables -nL <INPUT/OUTPUT/RH-Firewall> --- to see various rules and ports
Chains
/sbin/iptables -F [chain] --- deleting all rules in the chain
/sbin/iptables -X [chain] --- delete optional user-def chain
/sbin/iptables -Z [chain] --- to reset / zero packet and byte counter
/sbin/iptables -N [chain] --- to create new user-def chain
<Target>: {Accept, Queue, Drop, Return}
Rule-specifications
/sbin/iptables -D chain rule --- delete rule in chain
/sbin/iptables -A chain rule --- append rule to end of chain
/sbin/iptables -I chain [rulenum] rule --- insert rule at rulenum or 1st position of chain
/sbin/iptables -R chain rulenum rule --- replace rule to at rulenum positin of chain
Rules specs: -<s/d> [!] IPaddr[/mask] [!] [port[:port]]
!=negate, []=optional
Other Parameters
-i --- interface, eg eth0
-p --- protocol, eg tcp, udp, icmp, all
-s --- source (see above)
-d --- destination (see above)
-j --- jump <target>
-m state --- match with the state module
--line-numbers
<James Sainsbury help>
Example - Webserver httpd - open at port 80
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT - Open HTTP port
or
So locate the rule in RH-Firewall-1-INPUT for WWW
eg iptables --line -L RH-Firewall-1-INPUT
eg 9 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
and insert a rule just after that rule (9 here) so insert before rule 10
# iptables -I RH-Firewall-1-INPUT 10 -p tcp -s 0/0 -d enrol1 -dport 8080 -m state --state NEW -j ACCEPT
If you are satisfied the rule is working save the ruleset with
/etc/init.d/iptables save
If you trash the ruleset but haven't saved just
/etc/init.d/iptables restart
(You will notice there is a preceding rule
7 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
which accepts incoming packets as part of an ongoing connection.)
</James Sainsbury help>
To Save iptables:
/sbin/service iptables save
My Example for opening ports on local enrol1 to communicate with BIS on eb
iptables -I RH-Firewall-1-INPUT 12 -p tcp -s eb -d enrol1 --sport 49153:49155 -m state --state NEW -j ACCEPT
- To redirect all external traffic coming into port 80 into port 8080:
1. Use firewall configuration software to accept all TCP traffic from destination port 8080
2. (as root): iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j REDIRECT --to-port 8080
- To redirect internal traffic coming into port 80 to port 8080
1. use program called rinetd.
2. in the /etc/rinetd.conf, have the line
"xx.xx.xx.xx 80 xx.xx.xx.xx 8080"
3. start the rinetd service
Linux Runlevels - Auto Startup
==============================
/usr/sbin/xxxd --- daemon or startup file to run
/etc/xxx.conf --- configuration file of the progran
/var/run/xxxd.pid --- process ID of the file that run
Runlevels
0 - system shutdown
1 - single user, no networking or daemons, for maintenance
2 - multiuser but no NFS, can access network but others cannot get in
3 - normal multiuser, no X login
4 - undefined
5 - multiuser X Display manager, X login from consoles
6 - reboot
s/S - single user mode
/etc/inittab - shows how the system is initialized
/etc/rc.d/init.d/ - list of daemon files, used or not used in startup
/etc/rc.d/rc3.d/ - links to actual files in init.d, at this particular runlevel 3
Program Sequence Config file
at Startup
===========================================
/sbin/init /etc/inittab
/etc/rc.d/init.d/* /etc/sysconfig/daemons
/etc/rc.d/rcN.d/*
(Sym links of init.d)
Note the files in rcN.d are preceded by K or S and a number
K = kill job
S = start job
number = order of pograms
To check what services are running:
/sbin/chkconfig --list
service <service name> status
- Remember to check Linux Firewalls if network services do not start
- edit script files in /etc/init.d/ to contain
1. start/stop functions (and others functions restart)
2. commands in start function MUST NOT BE EXECUTABLE commands. They
should be executable scripts.
3. use daemon function to run as non-root user
4. DO NOT USE & (forking) at the end of command
5. Example:
daemon --user=<userName> <ShellScriptName> 1> job.log 2>&1
- To register
/sbin/chkconfig --level 5 initdScript on
Block web-ads
==============
Most of us can't stand getting pummeled by ads everytime we go to a website. There
are a couple of ways to stop these ads. One is to edit your /etc/hosts file and list
your loopback address, 127.0.0.1, with the ad hosting address. For example, to
block ads from ar.atwola.com open up /etc/hosts as root:
[root@blueox]# vim /etc/hosts
Next, add the following line:
127.0.0.1 ar.atwola.com
This will line will tell your browser to look on 127.0.0.1 for the ads from
ar.atwola.com. Since localhost doesn't have the ad, it won't be displated.
You can download a hosts file that has a multitude of ads to block.
Personally I DO NOT RECOMMEND THIS approach. I have noticed that
my computer slows down trying to search through the hosts file.
The RECOMMENDED approach for firefox and mozilla users is to go to
the chrome directory of your personal browser folder.
[lumbrjackedpcj@blueox]# cd ~/.mozilla/firefox/dxshwykf.default/chrome
The directory dxshwykf.default will be different for you installation.
1. First, create the file userContent.css
[lumbrjackedpcj@blueox]# touch userContent.css
2. Next, edit this file with your favorite text editor
[lumbrjackedpcj@blueox]# vim userContent.css
3. Now, following the instrunctions on http://www.mozilla.org/support/firefox/adblock,
copy this userContent.css and paste it in yours.
SELinux Configuration
======================
Intro
The latest releases of Linux distributions incorporate the mandatory access
control architecture SELinux of the NSA into the Linux kernels.
More information on SELinux can be found at the following link:
http://www.nsa.gov/selinux/info/faq.cfm
/usr/sbin/sestatus -v --- to get status of selinux
En/Disabling SELinux:
1 - in your /etc/sysconfig/selinux file, set:
SELINUX=<disabled|enforcing|permissive>
... this is not TRUE disable, it only switches off enforcing and skips loading policy.
2 - if using GRUB as bootloader
go to /boot/grub/grub.conf or menu.lst (symlink to grub.conf)
add this line to the correct boot section
selinux=<0|1>
3 - if using LILO (... to be completed ..., contributions welcome)
Error Message:
"error while loading shared libraries: /usr/lib/liba52.so.0: cannot restore segment prot after reloc: Permission denied"
then your SELinux configuration is preventing your application from launching.
Solutions:
For shared libraries failing to load, try:
chcon -t texrel_shlib_t /usr/lib/liba52.so.0
For some other libraries
chcon -c -v -R -u system_u -r object_r -t lib_t $InstallationDirectory/SystemFiles/Libraries/
# View file/directory contexts: ls -Z /var/www
# Set file/directory context:
chcon -R -h -t httpd_sys_content_t /home/user1/public_html
Options:
* -R: Recursive. Files and directories in current directory and all subdirectories.
* -h: Affect symbolic links.
* -t: Specify type of security context.
# View security context of running processes: ps -eZ
# View security context of a user: id
uid=500(user1) gid=500(user1) groups=500(user1) context=user_u:system_r:unconfined_t
# Security contexts for a new file default to that of the parent directory.
For using SELinux with cgi-bin and files in Symbolic links
============================================================
Example:
perl script: /var/www/cgi-bin/overview
Data file: /home/BIS/BIS/log/ANGLE.txt
Symbolic Link: /var/www/html/BIS/ANGLE.txt
The security context, especially the subdirectories that contain it are
as follows:
/var/www/cgi-bin/overview root:object_r:httpd_sys_script_exec_t
/var/www/html/BIS user_u:object_r:httpd_sys_content_t
/var/www/html/BIS/ANGLE.txt user_u:object_r:httpd_sys_content_t
/home system_u:object_r:home_root_t
/home/BIS user_u:object_r:user_home_dir_t
/home/BIS/BIS user_u:object_r:httpd_sys_content_t
/home/BIS/BIS/log user_u:object_r:httpd_sys_content_t
/home/BIS/BIS/log/ANGLE.txt user_u:object_r:httpd_sys_content_t
Note that it is enough to ensure the "type" context at the /home/BIS/BIS
level and its contents seem to inherit the type.
RPM
===
Redhat package manager
Query
rpm -q -a --- list all packages
rpm -q -p <package_path.rpm> --- list packages inside package_path rpm file
rpm -q -l -p <package_path.rpm> --- list all files inside package_path rpm file
rpm -q -a -i --- list info on all packages
rpm -q -a -f --- list files of all packages
Installing Source RPMs
=======================
1. Get source code in rpm form from the "SRPMS" or "SOURCE" directories
in common repositories
http://download.fedora.redhat.com/pub/fedora/linux/core/5/source/SRPMS/
2. As root, unpack the source RPMs
rpm -ivh example.src.rpm
.... this will put the patches in /usr/src/redhat/SOURCES. But these
are not the real working file.
.... there is also a build *.spec file put in /usr/src/redhat/SPECS
3. Build the source code of the packages using:
command: rpmbuild -bp --target=<arch> kernel.spec
# cd /usr/src/redhat/SPECS/
# rpmbuild -bp --target=i686 kernel-2.6.spec
.... the source may appear in /usr/src/redhat/BUILD
4. Modify and recompile source
5. Package into rpm using:
Linux Commands
===============
XConfuration:
/usr/sbin/mouseconfig ------- mouse
chsh ------------------------- to change default shell
grep chee /etc/passwd -------- tells you what shell you are from
Xconfigurator ---------------- to use XFree86
/etc/X11/XF86Config ---------- configuration file
ls /usr/lib/X11/rgb.txt ------ to see a list of X11 defined color names
/usr/sbin/timeconfig --------- change time
/usr/sbin/ntsysv ------------- choose program to
/sbin/chkconfig -------------- boot during startup
/usr/doc/HOWTO --------------- HowTo help files
Commands:
useradd **** ----------------- add user with name ****
passwd ***** ----------------- make password for user
pwd -------------------------- print working directory
su **** ---------------------- to change to another user (from superuser)
su --------------------------- superuser
/sbin/shutdown -r now -------- shutdown and reboot now
startx ----------------------- to start X windows
ps -e/f/a/l/u ---------------- process
mount /dev/fd0 /tmp ---------- mount 1st floppy drive to /tmp
umount /tmp ------------------ umount any device from /tmp
cat notes >> notes2 ---------- prints the contents of a file to standard output
and then redirects and APPEND to file "notes2"
head [-count] ***** list first few lines of file
tail [-/+ [startline] [bcl]] *** list the last few lines
wc **** ---------------------- count the number of words, lines etc in a file
alias l='ls -al' ------------- make an alias, eg. to list files
ln **file1** **file2** ------- link file2 to original file 1 (hard link)
ln -s **file1** **file2**----- do symbolic link
ls -i ------------------------ list file and look and their i-node to see linked files
rsync -auv src dest ---------- copy / update between local/remote src/dest
size ------------------------- to calculate the size of the program
wc -l/c/w **file** ----------- Word Count lines, characters, words in a file
tr --------------------------- Translate, delete or replace text in a file.
tar cf - . | zip name - ***** Tar and then zip
unzip -p backup | tar xf - *** reverse of above - ie. unzip and untar
script <filename> ------------ starts a shell - records the whole sesion - exit the shell to stop script
Help Commands:
man -k **** ------------------ to search for keywords in manual entries
man # intro ------------------ #={1..8}, 8 intro topics of Unix manual.
man -M /opt/lam/man mpirun --- manual for "mpirun" program installed in /opt/lam
rpm -qdf /usr/bin/rtin ------- query
zless /usr/doc/HOWTO/...gz --- read compressed howto files without uncompressing
locate -d <dbfile> <filename>- find a command or file called filename
updatedb --localpath=<dirPath> --output=<dbfile>
to update data file before using locate
dirPath=path of file system to put in db
dbfile=database file to log info to.
slocate ...... replaces updatedb and locate commands
/etc/cron.daily/update ------- create database before using locate
find / -name .... ------------ find the file named ....
find ~ -size 0 -print -------- find file with zero size
crontab -e ------------------- to edit the crontab for current user
Build / Compile Programs
./configure --prefix=/home/che sets the installation to your local dir so no need root permissions
Environment:
set -------------------------- to list enviroment variables
xport AUTO=VW ---------------- set the variable auto=vw
alias ls='ls -color=auto' ---- colorize ls .. put this in .profile or .bashrc
./a.out ---------------------- to execute the file "a.out"
. <command/script> ----------- execute command or script in CURRENT environment
Process Control:
kill -9 PID ----------------- sure kill the process
nohup **** ------------------ No hang-up for process ****
nice -# **** ---------------- reduce priority of command
nice --# **** --------------- increase priority of command
sleep **** ------------------ timer - stalls for certain time
at -l/r/m time date **** ---- timer - run command AT specified TIME
Compilers
cc -------------------------- SGI MIPS c compiler
CC -------------------------- SGI MIPS c++ compiler
gcc ------------------------- gnu c compiler
g++ ------------------------- gnu c++ compiler
insight --------------------- online help manual on SGI MIPS C/C++ compilers
Gnuplot
load "plotfile" ------------- runs the script file "plotfile"
set term postscript color
set output "file.ps" -------
Emacs
<shift> <left-mouse> -------- change font size
.Xdefaults ------------------ change emacs properties
M-x replace-strings --------- to replace all occurances of strings
C-q C-m --------------------- produces the letters "^M"
M-x replace-strings, C-q C-m dos2unix file conversion within emacs
C-c C-w --------------------- Fortran End of Column marker
C-c C-r --------------------- Fortran ruler
M-C-j ----------------------- Fortran continuation line
Browsers:
netscape -install ----------- make colour look better
Graphics
gif2ppm --------------------- convert gif to portable pixmap format
pnmtogif -------------------- convert any pixmap to gif
pstoimg -transparent -------- make background transparent
Secure Operations
scp newfile chee@parallel.hpc.unsw.edu.au:~/programs
Networking
nslookup www.google.com ----- returns the IP address of the URL
ping ------------------------
ifconfig <ethernet card> ---- configuration of adapter
netstat -in -----------------
echo 1 >/proc/sys/net/ipv4/ip_forward -- allow routing
echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter -- prevent IP spoofing
System Admin / Setup
/etc/passwd ----------------- user details
/etc/sys_id ----------------- name of the system
/etc/hosts ------------------ list of IP address and Names
~/.rhosts ------------------- list of computers and usernames for rsh without password
background ------------------ customizing background of screen
ls -l /lib/libc-* ---------- check the glibc version
uname -r ------------------ check the kernel version
/etc/rc.d/rc.local ---------- startup programs are included here
System /Hardware Information
lsmod ----------------------- list loaded modules
lsdev ----------------------- display info about installed hardware
modinfo --------------------- information about installed modules
free ------------------------ display free/used memory on the system
more /proc/interrupts ------- view IRQ channels
more /proc/dma -------------- view dma channels
more /proc/ioports ---------- view I/O memory addresses
Change Resources
ulimit -a ------------------- check user limit
ulimit -aH ------------------ check user HARD-limit
ulimit -s 32678 ------------- set SOFT & HARD stack limit
ulimit -sS 32678 ------------ set SOFT stack limit
echo 8192 >/proc/sys/fs/file-max --- increase number of files openable
echo 16384 >/proc/sys/fs/inode-max --- increase number of files openable
File Commands
file ***** ------------------- prints the type of the file ****
find -c ---------------------- find file which has changed
stat -t ---------------------- provides info about file
diff file1 file2 ------------- output differences between files
Remote X Gui Interface
startX ----------------------- starts the X server
startkde --------------------- starts the KDE desktop
Modules
insmod ----------------------- insert module quick UNSAFE way
modprobe --------------------- insert module SAFE way
Labels:
32bit,
64bit,
Bash,
Dual booting,
firewall,
fstab,
iptables,
Lilo,
linux,
Loading Profiles,
RPMs,
runleves,
SELinux configuration,
SSH Tunnelling,
USB Mounting,
X11 Port Forwarding
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment