Tuesday, March 25, 2008

How to get hardware information from a Linux system

Getting information about the hard drive, and listing all PCI devices.

$ hdparm /dev/hda

/dev/hda:
multcount = 16 (on)
IO_support = 0 (default 16-bit)
unmaskirq = 0 (off)
using_dma = 1 (on)
keepsettings = 0 (off)
readonly = 0 (off)
readahead = 256 (on)
geometry = 16383/255/63, sectors = 234375000, start = 0

or for SCSI

$ hdparm /dev/sda

Try it with the -i option for more information:

$ hdparm -i /dev/hda

/dev/hda:

Model=IC35L120AVV207-1, FwRev=V24OA66A, SerialNo=VNVD09G4CZ6E0T
Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=52
BuffType=DualPortCache, BuffSize=7965kB, MaxMultSect=16, MultSect=16
CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=234375000
IORDY=on/off, tPIO={min:240,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5
AdvancedPM=yes: disabled (255) WriteCache=enabled
Drive conforms to: ATA/ATAPI-6 T13 1410D revision 3a: 2 3 4 5 6

How fast is your drive?

$ hdparm -tT /dev/hda

/dev/hda:
Timing buffer-cache reads: 128 MB in 0.41 seconds = 315.32 MB/sec
Timing buffered disk reads: 64 MB in 1.19 seconds = 53.65 MB/sec

Need to find your device?

$ mount
or
$ cat /proc/partitions
or
$ dmesg | egrep '^(s|h)d'

which for my system lists:

hda: IC35L120AVV207-1, ATA DISK drive
hdc: Lite-On LTN486S 48x Max, ATAPI CD/DVD-ROM drive
hda: max request size: 1024KiB
hda: 234375000 sectors (120000 MB) w/7965KiB Cache, CHS=16383/255/63, UDMA(100)

By the way, if you want to turn on DMA:

$ hdparm -d1 /dev/hda
setting using_dma to 1 (on)
using_dma = 1 (on)


List all PCI devices

$ lspci -v

00:00.0 Host bridge: Intel Corp. 82845G/GL [Brookdale-G] Chipset Host Bridge (rev
Subsystem: Dell Computer Corporation: Unknown device 0160
Flags: bus master, fast devsel, latency 0
Memory at f0000000 (32-bit, prefetchable) [size=128M]
Capabilities:

... lots more ...


Note, there is also lspci -vv for even more information.

How to mount an ISO image as a file system, or how to install an OS from an image file without a DVD

Mounting an ISO Image as a Filesystem --

This is useful if you don't have the DVD hardware but need to get at the data.

The following shows an example of mounting the Fedora Core 2 DVD image as a filesystem.

$ mkdir /iso0
$ mount -o loop -t iso9660 /FC2-i386-DVD.iso /iso0

Or to mount automatically at boot, add the following to "/etc/fstab":

/FC2-i386-DVD.iso /iso0 iso9660 rw,loop 0 0

How to protect tape data from unauthorised access

Encrypting Data to Tape using "tar" and "openssl".

The following shows an example of writing the contents of "tapetest" to tape:


$ tar zcvf - tapetest|openssl des3 -salt -k secretpassword | dd of=/dev/st0

Reading the data back:

$ dd if=/dev/st0|openssl des3 -d -k secretpassword|tar xzf -

Using mt commands to read and write tapes in Linux

Working with "mt" Commands: reading and writing to tape.

The following assumes the tape device is "/dev/st0"; the commands use its non-rewinding alias "/dev/nst0", which leaves the tape positioned after each operation.

STEP 1 ( rewind the tape)

# mt -f /dev/nst0 rewind

STEP 2 (check to see if you are at block 0)

# mt -f /dev/nst0 tell
At block 0.

STEP 3 (Backup "tar compress" directories "one" and "two")

# tar -czf /dev/nst0 one two

STEP 4 (Check to see what block you are at)

# mt -f /dev/nst0 tell

You should get something like block 2 at this point.

STEP 5 (Rewind the tape)

# mt -f /dev/nst0 rewind

STEP 6 (List the files)

# tar -tzf /dev/nst0
one/
one/test
two/

STEP 7 (Restore directory "one" into directory "junk"). Note, you
have to first rewind the tape, since the last operation moved
ahead 2 blocks. Check this with "mt -f /dev/nst0 tell".

# cd junk
# mt -f /dev/nst0 rewind
# mt -f /dev/nst0 tell
At block 0.
# tar -xzf /dev/nst0 one

STEP 8 (Next, take a look to see what block the tape is at)

# mt -f /dev/nst0 tell
At block 2.

STEP 9 (Now backup directories three and four)

# tar -czf /dev/nst0 three four

After backing up the files, the tape should be past block 2.
Check this.

# mt -f /dev/nst0 tell
At block 4.

Currently the following exist:

At block 1:
one/
one/test
two/

At block 2:
three/
three/samplehere
four/

At block 4:
(* This is empty *)

A few notes. You can set the blocking factor and a label
with tar. For example:

$ tar --label="temp label" --create --blocking-factor=128 --file=/dev/nst0 Notes

But note that if you try to read it with the default (incorrect) blocking
factor, you will get the following error:

$ tar -t --file=/dev/nst0
tar: /dev/nst0: Cannot read: Cannot allocate memory
tar: At beginning of tape, quitting now
tar: Error is not recoverable: exiting now

However, this is easily fixed with the correct blocking factor:

$ mt -f /dev/nst0 rewind
$ tar -t --blocking-factor=128 --file=/dev/nst0
temp label
Notes

Take advantage of the label option, for example with the date in it:

$ MYCOMMENTS="Big_important_tape"
$ tar --label="$(date +%F)+${MYCOMMENTS}" --create --blocking-factor=128 --file=/dev/nst0 Notes

Writing to tape on a remote computer (192.168.1.155)

$ tar cvzf - ./tmp | ssh -l chirico 192.168.1.155 '(mt -f /dev/nst0 rewind; dd of=/dev/st0 )'

Restoring the contents from tape on a remote computer

$ ssh -l chirico 192.168.1.155 '(mt -f /dev/nst0 rewind; dd if=/dev/st0 )'|tar xzf -

Getting data off the tape with the dd command when the blocking factor is odd: just set ibs very high.

$ mt -f /dev/nst0 rewind
$ tar --label="Contents of Notes" --create --blocking-factor=128 --file=/dev/nst0 Notes
$ mt -f /dev/nst0 rewind
$ dd ibs=1048576 if=/dev/st0 of=notes.tar

The above will probably work with ibs=64k as well

How to protect a web document or directory with a password in the Apache web server

Apache: Creating and Using an ".htaccess" File


Below is a sample ".htaccess" file, which for this example goes in
"/usr/local/apache/htdocs/chirico/alpha/.htaccess":

AuthUserFile /usr/local/apache/htdocs/chirico/alpha/.htpasswd
AuthGroupFile /dev/null
AuthName "Your Name and regular password required"
AuthType Basic

require valid-user

In order for this to work, /usr/local/apache/conf/httpd.conf must
contain a <Directory> block for that directory whose "AllowOverride"
line includes AuthConfig (the path below is the one used for the
".htaccess" example above):

<Directory /usr/local/apache/htdocs/chirico/alpha>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

Also, a password file must be created

$ /usr/local/apache/bin/htpasswd -c .htpasswd chirico

and enter the password when prompted. The -c flag creates the file, overwriting an existing one, so omit it when adding further users.

Next Reload Apache:

$ /etc/init.d/httpd reload

How to check the network services running in Linux

What Network Services are Running?

$ netstat -atup

or

$ netstat -ap|grep LISTEN|less

This can be helpful to determine the services running.

Need stats on dropped UDP packets?

$ netstat -s -u

or TCP

$ netstat -s -t

or summary of everything

$ netstat -s

or looking for error rates on the interface?

$ netstat -i

Listening interfaces?

$ netstat -l

How to keep logs longer with less space: logrotate.conf configuration

Normally logs rotate monthly, overwriting all the old data. Here's a
sample "/etc/logrotate.conf" that keeps 12 months of backups,
compressing the log files:

$ cat /etc/logrotate.conf

# see "man logrotate" for details
# rotate log files weekly
#chirico changes to monthly
monthly

# keep 4 weeks worth of backlogs
# keep 12 months of backup
rotate 12

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

# system-specific logs may be also be configured here.

How to prevent SSH remote root login

Securing the system: don't allow root to log in remotely. Instead,
the admin can log in as another account and then run "su -". Root
can still log in from the local terminal.

In the "/etc/ssh/sshd_config" file change the following lines:

Protocol 2
PermitRootLogin no
PermitEmptyPasswords no

Then, restart ssh

/etc/init.d/sshd restart

Why would you want to do this? It makes it impossible for anyone to guess,
or keep trying, the root password over the network. This is especially good for
computers on the Internet: even if the "root" password is known, they can't
get access to the system remotely, only from the terminal, which is locked
in your computer room. However, anyone who has an account on the server
can log in under that account and then "su -".

Suppose you only want to allow a limited number of users, "mchirico" and "chumma".
Add the following line to "/etc/ssh/sshd_config". Note, this allows access
for mchirico and chumma; everyone else is denied.

# Once you add AllowUsers - everyone else is denied.
AllowUsers mchirico chumma
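As an added example (not part of the original post), here is a small audit script that reads an sshd_config and reports whether the settings this tip asks for (Protocol 2, PermitRootLogin no, PermitEmptyPasswords no, AllowUsers) are actually in effect. It follows sshd's rule that the first occurrence of a keyword wins and stops at any Match block; the two sample configs it reads are constructed here in temporary files.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# settings the tip above asks for. sshd uses the FIRST value it sees for a
# keyword, so a hardened "PermitRootLogin no" placed after a default
# "PermitRootLogin yes" has no effect; this script reproduces that rule.
# Settings inside "Match" blocks are conditional, so scanning stops there
# (use "sshd -T" on the host itself for the fully resolved configuration).

sshd_setting() {                 # sshd_setting FILE KEYWORD -> effective value (empty if unset)
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # comment line
        tolower($1) == "match" { exit }            # conditional section: stop here
        tolower($1) == tolower(key) {              # first occurrence wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

audit_sshd() {                   # audit_sshd FILE -> prints findings, returns number of problems
    bad=0
    for check in Protocol=2 PermitRootLogin=no PermitEmptyPasswords=no; do
        key=${check%%=*}; want=${check#*=}
        got=$(sshd_setting "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '${got:-unset}', expected '$want'"
            bad=$((bad + 1))
        fi
    done
    users=$(sshd_setting "$1" AllowUsers)
    if [ -n "$users" ]; then
        echo "ok   AllowUsers limits ssh logins to: $users"
    else
        echo "WARN AllowUsers not set: every local account can log in over ssh"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample files for the demo: one hardened as in the tip, one with
# stock-style defaults where the hardened line comes too late to count.
write_hardened() {
    cat > "$1" <<'EOF'
# hardened per the tip
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
# Once you add AllowUsers - everyone else is denied.
AllowUsers mchirico chumma
EOF
}
write_default() {
    cat > "$1" <<'EOF'
Protocol 2,1
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitEmptyPasswords no
EOF
}

# Stand-alone demo: audit both samples.
for name in hardened default; do
    f=$(mktemp)
    "write_$name" "$f"
    echo "== $name sample"
    audit_sshd "$f" || echo "   $? problem(s) found"
    rm -f "$f"
done
```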

SSH key generation, SSH key update, SSH login without being prompted for a password every time

On the local server:

$ ssh-keygen -t dsa -b 2048

This will create the two files:

.ssh/id_dsa (Private key)
.ssh/id_dsa.pub (Public key you can share)

Next, insert the contents of ".ssh/id_dsa.pub" on the remote server into the files ".ssh/authorized_keys" and ".ssh/authorized_keys2".
Change the permissions of each file to 600 (chmod 600).
Make sure the directory ".ssh" exists on the remote computer with mode 700.
OK, assume 192.168.1.155 is the remote server and "chumma" is the account on that remote server.

$ ssh chumma@192.168.1.155 "mkdir -p .ssh"
$ ssh chumma@192.168.1.155 "chmod 700 .ssh"
$ scp ./.ssh/id_dsa.pub chumma@192.168.1.155:.ssh/newkey.pub

Now connect to that remote server "192.168.1.155" and append .ssh/newkey.pub
to both "authorized_keys" and "authorized_keys2". When done, set the permissions
on those files (this is on the remote server):

$ chmod 600 .ssh/authorized_key*

SSH login without being prompted for a password every time

Next, go back to the local server and issue the following:

$ ssh-agent $SHELL
$ ssh-add

"ssh-add" prompts for the passphrase, and the agent keeps the unlocked key
for the current login session.

You don't have to enter a passphrase when running "ssh-keygen" above. But
remember that anyone with root access can "su -" to your account and then connect
to your computers. It's harder, though not impossible, for root to do
this if the key has a passphrase.
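The remote-side steps of this tip (create .ssh with mode 700, append the key to authorized_keys and authorized_keys2, chmod 600) as one function that is safe to re-run; an added example, not code from the original post. It assumes a home directory path and a file holding one public-key line (a constructed, non-functional key is used in the demo), and refuses anything that does not look like a public key so a private key pasted by mistake never lands in authorized_keys.

```shell
#!/bin/sh
# Added example (not from the original post): the remote-side steps of the
# tip as one idempotent function. Assumptions: HOME_DIR is the account's
# home (a temp dir in the demo) and KEYFILE holds one public-key line.

FILES="authorized_keys authorized_keys2"      # the two files the tip writes

mode_string() { ls -ld "$1" | cut -c1-10; }   # e.g. drwx------ (portable)

install_pubkey() {                            # install_pubkey HOME_DIR KEYFILE
    key=$(head -n 1 "$2")
    case "$key" in                            # accept only public-key lines
        ssh-dss\ AAAA*|ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    added=0
    for f in $FILES; do
        auth="$1/.ssh/$f"
        touch "$auth" && chmod 600 "$auth" || return 1
        # grep -F -x: exact whole-line match, so reruns never duplicate the key
        grep -qFx "$key" "$auth" && continue
        printf '%s\n' "$key" >> "$auth"
        added=$((added + 1))
    done
    [ "$added" -gt 0 ] && echo "installed" || echo "already present"
}

# Demo on a temporary "home" with a constructed (not real) key line.
home=$(mktemp -d)
keyfile=$(mktemp)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAPconstructed-example chumma@local\n' > "$keyfile"
install_pubkey "$home" "$keyfile"             # installed
install_pubkey "$home" "$keyfile"             # already present
mode_string "$home/.ssh"                      # drwx------
mode_string "$home/.ssh/authorized_keys"      # -rw-------
rm -rf "$home" "$keyfile"
```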

How to protect files from users, or make them unalterable by anybody

How to make a file "immutable" or "unalterable": it cannot be changed
or deleted, even by root. Note this works on ext2/ext3 filesystems.
And, yes, root can delete it after the attribute is changed back.


As root:

$ chattr +i filename

And to change it back:

$ chattr -i filename

List attributes:

$ lsattr filename

For more information see "man chattr" and "man lsattr".

System, user and access information in Linux

Who and what is doing what on your system: finding open sockets, files, etc.

$ lsof
or as root
$ watch lsof -i

To list all open Internet files, use:

$ lsof -i -U

You can also get very specific about ports. Do this as root for low
ports.

$ lsof -i TCP:3306

Or, look at UDP ports as follows:

$ lsof -i UDP:1812



Also try fuser. Suppose you have a mounted filesystem and you need
to umount it. To list the processes, with their users, that are using the filesystem /work:

$ fuser -u /work

To kill all processes accessing the file system /work in any way.

$ fuser -km /work

Or better yet, maybe you want to eject a cdrom on /mnt/cdrom

$ fuser -km /mnt/cdrom


If you need I/O load information about your system, you can run
iostat. But note that the very first iostat report is a snapshot since
the last boot. You typically want the following command, which gives
you 3 reports, one every 5 seconds.

$ iostat -xtc 5 3
Linux 2.6.12-1.1376_FC3smp (squeezel.squeezel.com)

Time: 07:05:04 PM
avg-cpu: %user %nice %system %iowait %idle
0.97 0.06 1.94 0.62 96.41

Time: 07:05:09 PM
avg-cpu: %user %nice %system %iowait %idle
0.60 0.00 1.70 0.00 97.70

Time: 07:05:14 PM
avg-cpu: %user %nice %system %iowait %idle
1.00 0.00 1.60 0.00 97.39

vmstat reports memory statistics, including totals for the
I/O subsystem. Also useful:

$ vmstat
$ ifconfig
$ cat /proc/sys/vm/.. (entries under here)



Also

$ cat /proc/meminfo
$ cat /proc/stat

$ cat /proc/uptime
1078623.55 1048008.34

The first number is the number of seconds since boot; the second number is the number of idle seconds.

$ cat /proc/loadavg
0.25 0.14 0.10 1/166 7778

This shows the load average at 1, 5 and 15 minutes, then 1 currently running process out of a total of 166.
The 7778 is the last process id used.
Ref: http://www.teamquest.com/resources/gunther/ldavg1.shtml

Or the current process's open file descriptors:

$ ls -l /proc/self/fd
lrwx------ 1 chirico chirico 64 Jun 29 13:17 0 -> /dev/pts/51
lrwx------ 1 chirico chirico 64 Jun 29 13:17 1 -> /dev/pts/51
lrwx------ 1 chirico chirico 64 Jun 29 13:17 2 -> /dev/pts/51
lr-x------ 1 chirico chirico 64 Jun 29 13:17 3 -> /proc/26667/fd

So you could write to that terminal with "echo stuff > /dev/pts/51" to get output there. Note, tree is also
helpful here:

$ tree /proc/self

/proc/self
|-- auxv
|-- cmdline
|-- cwd -> /work/souptonuts/documentation/theBook
|-- environ
|-- exe -> /usr/bin/tree
|-- fd
|   |-- 0 -> /dev/pts/51
|   |-- 1 -> /dev/pts/51
|   |-- 2 -> /dev/pts/51
|   `-- 3 -> /proc/26668/fd
|-- maps
|-- mem
|-- mounts
|-- root -> /
|-- stat
|-- statm
|-- status
|-- task
|   `-- 26668
|       |-- auxv
|       |-- cmdline
|       |-- cwd -> /work/souptonuts/documentation/theBook
|       |-- environ
|       |-- exe -> /usr/bin/tree
|       |-- fd
|       |   |-- 0 -> /dev/pts/51
|       |   |-- 1 -> /dev/pts/51
|       |   |-- 2 -> /dev/pts/51
|       |   `-- 3 -> /proc/26668/task/26668/fd
|       |-- maps
|       |-- mem
|       |-- mounts
|       |-- root -> /
|       |-- stat
|       |-- statm
|       |-- status
|       `-- wchan
`-- wchan

10 directories, 28 files

Need a listing of the system settings?

$ sysctl -a

Need IPC (Shared Memory Segments, Semaphore Arrays, Message Queue) status
etc?

$ ipcs
$ ipcs -l      (this gives the limits)

Need to "watch" everything a user does? The following watches user donkey.

$ watch lsof -u donkey

Or, to see what is going on in directory "/work/junk":

$ watch lsof +D /work/junk

Using shred to delete a file so nobody can recover it

You have a file "secret". The following makes it so no one
can read it. If the file was 12 bytes, it's now 4096 after it
has been overwritten 100 times. There's no way to recover this.

$ shred -n 100 -z secret

Want to remove the file? Use the "u" option.

$ shred -n 100 -z -u test2

It can be applied to a device

$ shred -n 100 -z -u /dev/fd0


CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data
in place. This is the traditional way to do things, but many modern file system designs do not satisfy
this assumption. The following are examples of file systems on which shred is not effective, or
is not guaranteed to be effective in all file system modes:

* log-structured or journaled file systems, such as those supplied with
  AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

How to put a running job into the background

You're running a job at the terminal prompt, and it's taking
a very long time. You want to put the job in the background.

CTRL-z            temporarily suspends the job
$ jobs            lists all the jobs
$ bg %jobnumber   runs it in the background (e.g. bg %1)
$ fg %jobnumber   brings it back to the foreground

Need to kill all jobs -- say you're using several suspended
emacs sessions and you just want everything to exit.

$ kill -9 `jobs -p`

The "jobs -p" gives the process number of each job, and the
kill -9 kills everything. Yes, sometimes "kill -9" is excessive
and you should issue a "kill -15" that allows jobs to clean up.
However, for emacs sessions, I prefer "kill -9" and haven't had
a problem.

Sometimes you need to list the process id along with job
information. For instance, here's process id with the listing.

$ jobs -l

Note you can also renice a job, or give it lower priority.

$ nice -n +15 find . -ctime 2 -type f -exec ls {} \; > last48hours
^z
$ bg

So above, that was a CTRL-z to suspend, then bg to run it in the background.
Now, if you want to lower the priority further, renice it once you know the process id.

$ jobs -pl
[1]+ 29388 Running nice -n +15 find . -ctime 2 -exec ls -l {} \; >mout &

$ renice +30 -p 29388
29388: old priority 15, new priority 19

19 was the lowest priority for this job. You cannot increase the priority unless you are root.

How to use the man and info commands

"info" is a great utility for getting information about the system.
Here's a quick key to using "info" from the terminal prompt.

'q' exits.
'u' moves up to the table of contents of the current section.
'n' moves to the next chapter.
'p' moves to the previous chapter.
'space' goes into the selected section.


The following is a good starting point:

$ info coreutils

Need to find out what a certain program does?

$ whatis open
open (2) - open and possibly create a file or device
open (3) - perl pragma to set default PerlIO layers for input and output
open (3pm) - perl pragma to set default PerlIO layers for input and output
open (n) - Open a file-based or command pipeline channel

To get specific information about the open system call (section 2):

$ man 2 open

also try 'keyword' search, which is the same as the apropos command.
For example, to find all the man pages on selinux, type the following:

$ man -k selinux

or the man full-word search, the same as the whatis command:

$ man -f open

Some hints for once you are inside man:

space   moves forward one page
b       moves backward one page
y       scrolls up one line ("yikes, I missed it!")
g       goes to the beginning
q       quits
/       search; n repeats the search
m       mark: enter a letter like "a", then ' to go back to it
'       go to a marked letter


To read the page from a specific section, give the section number:

$ man 8 ping

Note the section numbers are used as follows
(this is OpenBSD):

1   General commands
2   System calls and error numbers
3   C libraries
3p  Perl
4   Devices and device drivers
5   File formats and config files
6   Game instructions
7   Miscellaneous information
8   System maintenance
9   Kernel internals

To find the man page file directly, e.g. for the "ls" command:

$ whereis -m ls
ls: /usr/share/man/man1/ls.1.gz /usr/share/man/man1/ls.1 /usr/share/man/man1p/ls.1p

To read this file directly, do the following:

$ man /usr/share/man/man1/ls.1.gz

If you want to know the manpath, execute manpath.

$ manpath
/usr/share/man:/usr/X11R6/man:/usr/local/share/man:/usr/local/pgsql/man:/usr/man:/usr/local/man

Sharing directories among several users

Several people are working on a project in "/home/share" and need to create documents and programs that others in the
group can edit and execute as needed.

$ /usr/sbin/groupadd share
$ chown -R root.share /home/share
$ /usr/bin/gpasswd -a chirico share
$ chmod 2775 /home/share

(gpasswd -a takes the user name and then the group; repeat it for each member, here donkey and zoe as well.)

$ ls -ld /home/share
drwxrwsr-x 2 root share 4096 Nov 8 16:19 /home/share
^---------- Note the s bit, which was set with the chmod 2775

$ cat /etc/group
...
share:x:502:chirico,donkey,zoe
... ^------- users are added to this group.

The user may need to login again to get access. Or, if the user is currently
logged in, they can run the following command:

$ su -

Note, the above step is recommended over "newgrp - share" since currently
newgrp in FC2,FC3, and FC4 gets access to the group but the umask is not
correctly formed.

As root you can test their account. You need the "-" to pick up their environment:

$ su - chirico

Note on SUID, SGID and the sticky bit: only the leftmost octal digit is examined below, and "chmod 755"
is used as an example of the rest of the mode, but anything else could be used as well. Normally
you'd want execute permission.

Octal digit   Binary value   Meaning                    Example usage
0             000            all cleared                $ chmod 0755 or chmod 755
1             001            sticky                     $ chmod 1755
2             010            setgid                     $ chmod 2755
3             011            setgid, sticky             $ chmod 3755
4             100            setuid                     $ chmod 4755
5             101            setuid, sticky             $ chmod 5755
6             110            setuid, setgid             $ chmod 6755
7             111            setuid, setgid, sticky     $ chmod 7755

A few examples applied to a directory below. In the first example, all users in the group can
add files to directory "dirA" and delete their own files. Users cannot delete other
users' files.

Sticky bit:
$ chmod 1770 dirA

Below files created within the directory have the group ID of the directory, rather than that
of the default group setting for the user who created the file.

Set group ID bit:
$ chmod 2755 dirB
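An added example, not from the original post, that builds the two directories just described (setgid 2775 as for /home/share, sticky 1770 as for dirA) and then verifies the effect instead of trusting the mode digits: the permission string shows the "s"/"T" bits, and a probe file confirms that new files in the setgid directory take the directory's group. It runs as an ordinary user on a temporary directory; the optional GROUP argument assumes the caller may chgrp to it (the tip's group is "share").

```shell
#!/bin/sh
# Added example (not from the original post): create the tip's shared
# directories and verify what the mode bits actually do.
#   2775 -> rwxrwsr-x : group write + setgid, new files inherit the group
#   1770 -> rwxrwx--T : group members can add files, only the owner deletes
# Assumes a temp dir for the demo; GROUP (optional) must be one you can chgrp to.

mode_string() { ls -ld "$1" | cut -c1-10; }          # e.g. drwxrwsr-x
group_of()    { ls -ld "$1" | awk '{ print $4 }'; }  # group column of ls -l

make_shared_dir() {            # make_shared_dir DIR [GROUP] -> prints mode string
    mkdir -p "$1" || return 1
    [ -z "$2" ] || chgrp "$2" "$1" || return 1
    chmod 2775 "$1" || return 1       # like "chmod 2775 /home/share" in the tip
    mode_string "$1"
}

make_sticky_dir() {            # the tip's "dirA": chmod 1770
    mkdir -p "$1" && chmod 1770 "$1" && mode_string "$1"
}

inherits_group() {             # inherits_group DIR -> yes/no: does a new file get DIR's group?
    probe="$1/.probe.$$"
    : > "$probe" || return 1
    if [ "$(group_of "$probe")" = "$(group_of "$1")" ]; then r=yes; else r=no; fi
    rm -f "$probe"
    echo "$r"
}

# Demo: build both directories under a temp dir and show what the tip's
# "ls -ld" would display (note the "s" in the group triplet).
base=$(mktemp -d)
make_shared_dir "$base/share"     # drwxrwsr-x
make_sticky_dir "$base/dirA"      # drwxrwx--T (T: sticky with no "other" execute)
echo "new files in share take its group: $(inherits_group "$base/share")"
rm -rf "$base"
```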

Configure multiple IP addresses on a single NIC

Setting up 2 IP addresses on a single NIC.

STEP 1 (The settings for the initial IP address)

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.99.255
IPADDR=192.168.1.155
NETMASK=255.255.252.0
NETWORK=192.168.1.0
ONBOOT=yes

STEP 2 (2nd IP address: )

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0:1

DEVICE=eth0:1
BOOTPROTO=static
BROADCAST=192.168.99.255
IPADDR=192.168.1.182
NETMASK=255.255.252.0
NETWORK=192.168.1.0
ONBOOT=yes


In the same way you can create multiple files like ifcfg-eth0:x for multiple IP addresses, where x up to 16 is recommended.

Creating a Virtual File System and Mounting it with a Loopback Device.

STEP 1 (Construct a 10MB file)

$ dd if=/dev/zero of=/tmp/disk-image count=20480

By default dd uses a block size of 512 bytes, so the size will be 20480*512 bytes.

STEP 2 (Make an ext2 or ext3 file system) -- ext2 shown here.

$ mke2fs -q /tmp/disk-image

or if you want ext3

$ mkfs -t ext3 -q /tmp/disk-image

Yes, you can even use ReiserFS, but you'll need to create a bigger
disk image, something like "dd if=/dev/zero of=/tmp/disk-image count=50480".

$ mkfs -t reiserfs -q /tmp/disk-image

Hit yes for confirmation. It only asks this because the target is a regular file, not a block device.


STEP 3 (Create a directory "virtual-fs" and mount. This has to be done as root)

$ mkdir /virtual-fs
$ mount -o loop=/dev/loop0 /tmp/disk-image /virtual-fs

SPECIAL NOTE: if you mount a second device you will have to increase the
loop count: loop=/dev/loop1, loop=/dev/loop2, ... loop=/dev/loopn

Now it operates just like a disk. This virtual filesystem can be mounted
when the system boots by adding the following to the "/etc/fstab" file. Then,
to mount, just type "mount /virtual-fs".

/tmp/disk-image /virtual-fs ext2 rw,loop=/dev/loop0 0 0

STEP 4 (When done, umount it)

$ umount /virtual-fs


SPECIAL NOTE: If you are using Fedora Core 2, in the /etc/fstab you can take
advantage of ACL properties for this mount. Note the acl next to the
rw entry. This is shown here with ext3.

/tmp/disk-image /virtual-fs ext3 rw,acl,loop=/dev/loop1 0 0

Also, if you are using Fedora Core 2 or above, you can mount the file
on a cryptoloop.

$ dd if=/dev/urandom of=disk-aes count=20480

$ modprobe loop
$ modprobe cryptoloop
$ modprobe aes

$ losetup -e aes /dev/loop0 disk-aes
$ mkfs -t ext2 /dev/loop0
$ mount -o loop,encryption=aes disk-aes /virtual-fs

(mount needs a mount point; /virtual-fs from STEP 3 is used here.)

If you do not have Fedora Core 2, then you can build the kernel from source
with some of the following options (not complete yet). Reference:
http://cvs.sourceforge.net/viewcvs.py/cpearls/cpearls/src/posted_on_sf/acl/ehd.pdf?rev=1.1&view=log

Cryptographic API Support (CONFIG_CRYPTO)
generic loop cryptographic (CONFIG_CRYPTOLOOP)
Cryptographic ciphers (CONFIG_CIPHERS)
Enable one or more ciphers (CONFIG CIPHER .*) such as AES.


HELPFUL INFORMATION: It is possible to bind mount partitions, i.e. to make the
mounted partition also appear under a second directory name.

# mount --bind /virtual-fs /home/mchirico/vfs

Also, if you want to see what filesystems are currently mounted, "cat" the
file "/etc/mtab"

$ cat /etc/mtab



Example with reiserfs file system

Assume you have a reiserfs filesystem created from a disk file, which means you have done something like the following:

# dd if=/dev/zero of=disk-rfs count=102400
# losetup /dev/loop4 ./disk-rfs
# mkfs -t reiserfs /dev/loop4
# mkdir /fs2
# mount -o loop,acl ./disk-rfs /fs2

Now you can run reiserfstune. But first you will need to umount /fs2:

# umount /fs2
# reiserfstune ./disk-rfs

Or you can run the debug command

# debugreiserfs -J ./disk-rfs

Now, suppose you run through a lot of the debug options on
http://www.namesys.com/ and you destroy this file.

You can recreate the file and delete the loop device.

# dd if=/dev/zero of=disk-rfs count=102400
# losetup -d /dev/loop4
# mount -o loop,acl ./disk-rfs /fs2

Now, try working with some of the ACL options. You can only do this
with the latest kernel and tools; Fedora Core 2 will work.

Assume you have 3 users, donkey, chirico and bozo2. You can give
everyone rights to this file system as follows:

# setfacl -R -m d:u:donkey:rwx,d:u:chirico:rwx,d:u:bozo2:rwx /fs2

Tar file encryption / zip file encryption / Tar file protection

STEP 1 (Using the tar command on the directory /stuff)

Suppose you have a directory /stuff.
To tar everything in stuff and create a ".tar" file:

$ tar -cvf stuff.tar stuff

Which will create "stuff.tar".

STEP 2 (Using the tar command to create a ".tar.gz" of /stuff)

$ tar -czf stuff.tar.gz stuff

STEP 3 (List the files in the archive)

$ tar -tzf stuff.tar.gz
or
$ tar -tf stuff.tar

STEP 4 (A way to list specific files)

Note: redirect the listing to a file and edit it

$ tar -tzf stuff.tar.gz > mout

Then, edit mout to only include the files you want

$ tar -T mout -xzf stuff.tar.gz

The above command will only extract the files listed in mout.
Of course, if you want them all:

$ tar -xzf stuff.tar.gz

STEP 5 (ENCRYPTION)

$ tar -zcvf - stuff|openssl des3 -salt -k secretpassword | dd of=stuff.des3

This will create stuff.des3...don't forget the password you
put in place of secretpassword. This can be done interactively as
well.

$ dd if=stuff.des3 |openssl des3 -d -k secretpassword|tar zxf -

NOTE: above there is a "-" at the end... this will
extract everything.
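The tar | openssl pipeline used both in the tape tip earlier on this page (... | openssl des3 -salt -k secretpassword | dd of=/dev/st0) and in STEP 5 above, as an added example that is not from the original post, with two changes a practitioner would make: the password comes from a file via -pass file: rather than -k on the command line (where it is visible to every user in "ps" and is kept in the shell history), and AES-256-CBC with -pbkdf2 (OpenSSL 1.1.1 or later) replaces des3 with its legacy key derivation. The decrypt side lists the archive first, which fails on a wrong password. Directory, password file and output names are assumed and constructed in the demo.

```shell
#!/bin/sh
# Added example (not from the original post): encrypt a directory tree with
# tar|openssl as the tape and STEP 5 tips do, but with the password read from
# a file (-pass file:) instead of "-k secretpassword" on the command line,
# and AES-256-CBC + PBKDF2 instead of des3 with the old key derivation.
# Assumed names: DIR to archive, PASSFILE (one line), OUTFILE, DESTDIR.

CIPHER="-aes-256-cbc -salt -pbkdf2"     # left unquoted below on purpose: word-split into options

encrypt_dir() {                 # encrypt_dir DIR PASSFILE OUTFILE
    tar -czf - -C "$(dirname "$1")" "$(basename "$1")" |
        openssl enc $CIPHER -pass "file:$2" -out "$3"
}

list_encrypted() {              # list_encrypted OUTFILE PASSFILE -> archive members
    # Non-zero on a wrong password: tar never sees a valid gzip stream.
    openssl enc -d $CIPHER -pass "file:$2" -in "$1" | tar -tzf -
}

decrypt_dir() {                 # decrypt_dir OUTFILE PASSFILE DESTDIR
    mkdir -p "$3" &&
        openssl enc -d $CIPHER -pass "file:$2" -in "$1" | tar -xzf - -C "$3"
}

# Demo with a constructed directory and password file (replace both for real use).
w=$(mktemp -d)
mkdir -p "$w/stuff/sub"
printf 'hello tape\n' > "$w/stuff/sub/a.txt"
printf 'change-me-before-use\n' > "$w/pass"; chmod 600 "$w/pass"
encrypt_dir "$w/stuff" "$w/pass" "$w/stuff.aes" && list_encrypted "$w/stuff.aes" "$w/pass"
decrypt_dir "$w/stuff.aes" "$w/pass" "$w/restore" && cat "$w/restore/stuff/sub/a.txt"
rm -rf "$w"
```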

cpio usage

cpio works like tar, only better.

STEP 1 (Create two directories with data, ../dir1 and ../dir2)

mkdir -p ../dir1
mkdir -p ../dir2
cp /etc/*.conf ../dir1/.
cp /etc/*.cnf ../dir2/.

Which will back up all your cnf and conf files.

STEP 2 (Piping the file list to cpio)

cpio works like tar but can take its input
from the "find" command.

$ find ../dir1/ | cpio -o --format=tar > test.tar
or
$ find ../dir1/ | cpio -o -H tar > test2.tar

Same command without the ">"

$ find ../dir1/ | cpio -o --format=tar -F test.tar
or
$ find ../dir1/ | cpio -o -H tar -F test2.tar

Using append: first create the archive from dir1, then append dir2 to it

$ find ../dir1/ | cpio -o --format=tar -F test.tar
then
$ find ../dir2/ | cpio -o --format=tar --append -F test.tar

STEP 3 (List contents of the tar file)

$ cpio -it < test.tar
or
$ cpio -it -F test.tar

STEP 4 (Extract the contents)

$ cpio -i -F test.tar

NTP installation and configuration

STEP 1 (Test the current server):

Try issuing the following command:

$ ntpq -pn

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 tock.usno.navy  0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

The above is an example of a problem.
Compare it to a working configuration.

$ ntpq -pn

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+128.4.40.12     128.4.40.10      2 u  107  128  377   25.642    3.350   1.012
 127.127.1.0     127.127.1.0     10 l   40   64  377    0.000    0.000   0.008
+128.91.2.13     128.4.40.12      3 u   34  128  377   21.138    6.118   0.398
*192.5.41.41     .USNO.           1 u  110  128  377   33.69     9.533   3.534

STEP 2 (Configure the /etc/ntp.conf):

$ cat /etc/ntp.conf

# My simple client-only ntp configuration.
server timeserver1.upenn.edu
# ping -a timeserver1.upenn.edu shows the IP address 128.91.2.13
# which is used in the restrict below
restrict 128.91.2.13
server tock.usno.navy.mil
restrict 192.5.41.41
server 128.4.40.12
restrict 128.4.40.12
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
restrict default ignore
restrict 127.0.0.0 mask 255.0.0.0
authenticate no

STEP 3 (Configure /etc/ntp/step-tickers):

The values for server above are placed in the "/etc/ntp/step-tickers" file:

$ cat /etc/ntp/step-tickers

timeserver1.upenn.edu
tock.usno.navy.mil
128.4.40.12

The startup script /etc/rc.d/init.d/ntpd will grab the servers in this
file and execute the ntpdate command as follows:

/usr/sbin/ntpdate -s -b -p 8 timeserver1.upenn.edu

Why? Because if the time is too far off, ntpd will not start. The command above sets the
clock first. If the system time deviates from true time by more than 1000 seconds,
the ntpd daemon enters panic mode and exits.

STEP 4 (Restart the service and check):

Issue the restart command

/etc/init.d/ntpd restart

Check the values with "ntpq -pn"; they
should look like the working output in step 1.

ntpq -pn
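As an added example (not from the original post), a check that turns "ntpq -pn" output into a verdict, the kind of thing a cron job or monitoring agent would run after this restart. It reads the columns shown in STEP 1: stratum 16 means unsynchronised, "reach" is an octal record of the last eight polls, "*" marks the peer ntpd has selected, and 127.127.x.x is the local clock. The three samples are embedded: the two outputs from STEP 1 and a third, constructed, local-clock-only case.

```shell
#!/bin/sh
# Added example (not from the original post): decide from "ntpq -pn" output
# whether ntpd is really synchronised. Rules used:
#   st 16          -> peer unsynchronised
#   reach          -> octal history of the last 8 polls (377 = all answered, 0 = none)
#   "*" in col 1   -> the peer ntpd has selected (the system peer)
#   127.127.x.x    -> the local clock, so "*127.127.1.0" means free-running
# Samples below: the two STEP 1 outputs plus one constructed local-clock case.

ntp_status() {           # ntpq -pn text on stdin -> verdict on stdout; exit 0 only if healthy
    awk '
        NR <= 2 || NF < 10 { next }               # header, ==== rule, blank lines
        {
            total++
            st = $3 + 0; reach = $7
            if (st < 16 && reach != "0") reachable++
            if (substr($1, 1, 1) == "*") syspeer = substr($1, 2)
        }
        END {
            if (syspeer ~ /^127\.127\./) {
                printf "degraded: synced only to the local clock %s, %d/%d upstream peers reachable\n",
                       syspeer, reachable - 1, total - 1
                exit 1
            }
            if (syspeer != "") {
                printf "ok: synced to %s, %d/%d peers reachable\n", syspeer, reachable, total
                exit 0
            }
            if (reachable > 0) {
                printf "warning: %d/%d peers reachable but no system peer selected yet\n", reachable, total
                exit 1
            }
            printf "critical: unsynchronised, none of %d peer(s) reachable\n", total
            exit 2
        }'
}

sample_broken() {        # the failing output from STEP 1
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 tock.usno.navy  0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
EOF
}

sample_working() {       # the healthy output from STEP 1
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+128.4.40.12     128.4.40.10      2 u  107  128  377   25.642    3.350   1.012
 127.127.1.0     127.127.1.0     10 l   40   64  377    0.000    0.000   0.008
+128.91.2.13     128.4.40.12      3 u   34  128  377   21.138    6.118   0.398
*192.5.41.41     .USNO.           1 u  110  128  377   33.69     9.533   3.534
EOF
}

sample_localonly() {     # constructed: upstream unreachable, ntpd fell back to the local clock
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 128.4.40.12     .INIT.          16 u    -   64    0    0.000    0.000   0.000
*127.127.1.0     .LOCL.          10 l   12   64  377    0.000    0.000   0.004
EOF
}

# Stand-alone demo over the three samples; on a real host: ntpq -pn | ntp_status
for s in broken working localonly; do
    "sample_$s" | ntp_status || echo "   (exit status $?)"
done
```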

SPECIAL NOTE:

Time is always stored in the kernel as the number of seconds since
midnight of the 1st of January 1970 UTC, regardless of whether the
hardware clock is stored as UTC or not. Conversions to local time
are done at run-time. So, it's easy to get the time in different
timezones for only the current session as follows:


$ export TZ=EST
$ date
Mon Aug 2 10:34:04 EST 2004

$ export TZ=NET
$ date
Mon Aug 2 15:34:18 NET 2004

The following are possible values for TZ:

Hours from Greenwich Mean Time (GMT)   Value   Description
 0                                     GMT     Greenwich Mean Time
+1                                     ECT     European Central Time
+2                                     EET     European Eastern Time
+2                                     ART
+3                                     EAT     Saudi Arabia
+3.5                                   MET     Iran
+4                                     NET
+5                                     PLT     West Asia
+5.5                                   IST     India
+6                                     BST     Central Asia
+7                                     VST     Bangkok
+8                                     CTT     China
+9                                     JST     Japan
+9.5                                   ACT     Central Australia
+10                                    AET     Eastern Australia
+11                                    SST     Central Pacific
+12                                    NST     New Zealand
-11                                    MIT     Samoa
-10                                    HST     Hawaii
-9                                     AST     Alaska
-8                                     PST     Pacific Standard Time
-7                                     PNT     Arizona
-7                                     MST     Mountain Standard Time
-6                                     CST     Central Standard Time
-5                                     EST     Eastern Standard Time
-5                                     IET     Indiana East
-4                                     PRT     Atlantic Standard Time
-3.5                                   CNT     Newfoundland
-3                                     AGT     Eastern South America
-3                                     BET     Eastern South America
-1                                     CAT     Azores

DST timezone


0 BST for British Summer.
+400 ADT for Atlantic Daylight.
+500 EDT for Eastern Daylight.
+600 CDT for Central Daylight.
+700 MDT for Mountain Daylight.
+800 PDT for Pacific Daylight.
+900 YDT for Yukon Daylight.
+1000 HDT for Hawaii Daylight.
-100 MEST for Middle European Summer,
MESZ for Middle European Summer,
SST for Swedish Summer and FST for French Summer.
-700 WADT for West Australian Daylight.
-1000 EADT for Eastern Australian Daylight.
-1200 NZDT for New Zealand Daylight.

The following is an example of setting the TZ environment variable
for the timezone, only when timezone changes go into effect.

$ export TZ=EST+5EDT,M4.1.0/2,M10.5.0/2

Take a look at the last part, "M10.5.0/2". What does it mean? Here is the
documentation:


Mm.w.d This specifies day d (0 <= d <= 6) of week w (1 <= w <= 5) of
month m (1 <= m <= 12). Week 1 is the first week in which day d
occurs and week 5 is the last week in which day d occurs. Day 0
is a Sunday.

The time fields specify when, in the local time currently in
effect, the change to the other time occurs. If omitted,
the default is 02:00:00.

So this is what it means. M10 stands for October, the 5 is the fifth week
that includes a Sunday (the 0 in M10.5.0/2 is Sunday). To see that it is
the fifth week, see the calendar below. The time change occurs at 2am in
the morning. (Special Note: In 2007, DST was extended. See TIP 230).

October
Su Mo Tu We Th Fr Sa
                1  2
 3  4  5  6  7  8  9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31

Prove it. Take the following program, sunrise, which calculates sunrise
and sunset for a given latitude and longitude. This program can be downloaded
from the following location:
http://sourceforge.net/direct-dl/mchirico/souptonuts/working_with_time.tar.gz

Below is a bash script that will run the program for the next 100 days.

#!/bin/bash
# program: next100days Mike Chirico
# download:
# http://sourceforge.net/direct-dl/mchirico/souptonuts/working_with_time.tar.gz
#
# This will calculate the sunrise and sunset for the next 100 days at
# latitude 39.95, longitude 75.15 (note: both must be given in degrees).
# "sunrise" is the program from the download above; it takes
# year month day latitude longitude as its arguments.
lat=39.95
long=75.15
for (( i=0; i <= 100; i++ )); do
    # the date substitution is left unquoted so it splits into year, month and day
    sunrise $(date -d "+$i day" "+%Y %m %d") "$lat" "$long"
done

Take a look at the following sample output.

$ export TZ=EST+5EDT,M4.1.0/2,M10.5.0/2
$ ./next100days

Sunrise 08-24-2004 06:21:12 Sunset 08-24-2004 19:43:42
Sunrise 08-25-2004 06:22:09 Sunset 08-25-2004 19:42:12
Sunrise 08-26-2004 06:23:06 Sunset 08-26-2004 19:40:41
Sunrise 08-27-2004 06:24:03 Sunset 08-27-2004 19:39:09
Sunrise 08-28-2004 06:25:00 Sunset 08-28-2004 19:37:37
Sunrise 08-29-2004 06:25:56 Sunset 08-29-2004 19:36:04
Sunrise 08-30-2004 06:26:53 Sunset 08-30-2004 19:34:31
Sunrise 08-31-2004 06:27:50 Sunset 08-31-2004 19:32:57
Sunrise 09-01-2004 06:28:46 Sunset 09-01-2004 19:31:22
Sunrise 09-02-2004 06:29:43 Sunset 09-02-2004 19:29:47
..[values omitted ]
Sunrise 10-28-2004 07:25:31 Sunset 10-28-2004 18:02:34
Sunrise 10-29-2004 07:26:38 Sunset 10-29-2004 18:01:19
Sunrise 10-30-2004 07:27:46 Sunset 10-30-2004 18:00:06
Sunrise 10-31-2004 06:28:53 Sunset 10-31-2004 16:58:54
Sunrise 11-01-2004 06:30:01 Sunset 11-01-2004 16:57:44
Sunrise 11-02-2004 06:31:10 Sunset 11-02-2004 16:56:35

Compare 10-30-2004 with 10-31-2004. Sunrise is an hour earlier because
daylight saving time has ended, just as predicted.

There is an easier way to switch between timezones. Take a look at the
directory zoneinfo as follows:

$ ls /usr/share/zoneinfo

Africa Chile Factory Iceland Mexico posix UCT
America CST6CDT GB Indian Mideast posixrules Universal
Antarctica Cuba GB-Eire Iran MST PRC US
Arctic EET GMT iso3166.tab MST7MDT PST8PDT UTC
Asia Egypt GMT0 Israel Navajo right WET
Atlantic Eire GMT-0 Jamaica NZ ROC W-SU
Australia EST GMT+0 Japan NZ-CHAT ROK zone.tab
Brazil EST5EDT Greenwich Kwajalein Pacific Singapore Zulu
Canada Etc Hongkong Libya Poland SystemV
CET Europe HST MET Portugal Turkey

TZ can be set to any one of these files. Some of these are directories and contain
subdirectories, such as ./posix/America. This way you do not have to enter the
timezone, offset, and range for DST, since it has already been calculated.

$ export TZ=:/usr/share/zoneinfo/posix/America/Aruba
$ export TZ=:/usr/share/zoneinfo/Egypt


Reference:
http://prdownloads.sourceforge.net/cpearls/date_calc.tar.gz?download

Also see (TIP 27).
Also see (TIP 103) using chrony, which is very similar to ntpd.
Note time settings can usually be found in /etc/sysconfig/clock.

Friday, January 11, 2008

Linux World

Welcome to Linux World. Very soon, Linux tips will be available in this blog.