Linux

From Rory.wiki


General notes

Conky

Handy program that puts useful system information on your desktop. My .conkyrc

system monitoring with Conky

Conky Set-up for Ubuntu

Get your WAN IP address showing in Conky

.wan-ip

#!/bin/sh
wget -q -O - checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

Ubuntu Package Management

- Installing the source for a package can be done through  apt-get source <package_name>


from here: adding a cd-rom to the sources.list

 apt-cdrom add

Vmware & Linux

One of the potential problems is that vmware can change the MAC address of the virtual card that it's using when a VM is copied or moved. Running ifconfig -a will show what interfaces are detected. Then check /etc/network/interfaces and see if it ties up. If not, changing the file to match the output of the ifconfig command might help.

per this link if you want the mouse auto-release to work in Jaunty you need to install xserver-xorg-input-vmmouse

GNU Screen

getting started: this Introduction to GNU Screen and this one are pretty useful.

Very useful utility for running processes on a linux box and being able to dynamically detach/re-attach to them, also being able to run numerous processes in a single console window.

on Ubuntu to fix the problem with backspace put alias screen='TERM=screen screen' into your .bashrc (from here )

screen commands

screen -S <sessname> - Start a new screen session with a name of sessname

screen -r <sessname> - Re-connect to a screen session with a name of sessname

GNU Screen Shortcuts

CTRL-A c - New Window

CTRL-A n - Next Window

CTRL-A " - Show list of windows

CTRL-A <num> - Go to window with number <num>

CTRL-A d - detach

Ubuntu 8.04 and mod_security

8.04 doesn't have a compiled mod_security deb file so if you need it, it can be done from source. Download from here, instructions here and some additional pointers here and here (with notes below)

pre-requisites

some packages that are needed by mod_security

- libxml2-dev
- apache2-threaded-dev - provides the apxs utility

post-installation

the source distribution installs the module in /usr/lib/apache2/modules, so the instructions for configuration lines are somewhat wrong and should reflect that path.

Now you've got the module installed but no rules.

create a directory for the config rules, /etc/apache2/conf.d/modsecurity, and then extract the rules archive file in there. Remove all the non-conf files from the directory and add these lines to the httpd.conf file in /etc/apache2/

<ifmodule mod_security2.c>
Include conf.d/modsecurity/*.conf
</ifmodule>

you'll need to add the unique_id mod as well. this should be installed already but needs enabled, can be done by ln -s /etc/apache2/mods-available/unique_id.load /etc/apache2/mods-enabled

After this you'll need to modify the mod_security configuration file as needed for your setup. It's located at /etc/apache2/conf.d/modsecurity/modsecurity_crs_10_config.conf if you've followed the instructions above.

Some key points to potentially change.

if you want to keep all your log files in /var/log then you should create an appropriate directory (eg, /var/log/apache2/modsecurity/ ) and modify the SecAuditLog and SecDebugLog directives to log to that directory

SIGSTOP and SIGCONT

It's possible to pause and re-commence processes in POSIX compliant systems using SIGSTOP and SIGCONT. In Ubuntu linux these map to kill -19 and kill -18 respectively, kill -l can be used to get a listing with the relevant numbers. Very useful if you have a long running job that you need to stop for a while and then re-commence without losing progress made.
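Pausing and resuming a job with a check that each signal took effect, as an added example that is not part of the original notes. The helper names (proc_state, wait_for_state, pause_job, resume_job) are made up for this example, and it reads the Linux /proc filesystem.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.
# Signal numbers differ between architectures (for example SIGSTOP is 19 on
# x86 but 23 on MIPS), so the signal names are used instead of -19 / -18.

# Print the state letter of PID $1 (R running, S sleeping, T stopped).
proc_state() {
    awk '/^State:/ { print $2 }' "/proc/$1/status" 2>/dev/null
}

# Poll for up to ~2 seconds until PID $1 is in a state matching pattern $2.
wait_for_state() {
    tries=0
    while [ "$tries" -lt 20 ]; do
        case "$(proc_state "$1")" in
            $2) return 0 ;;
        esac
        sleep 0.1
        tries=$((tries + 1))
    done
    return 1
}

# Pause: send SIGSTOP and confirm the process is really stopped (state T).
pause_job() {
    kill -s STOP "$1" && wait_for_state "$1" 'T'
}

# Resume: send SIGCONT and confirm the process left the stopped state.
resume_job() {
    kill -s CONT "$1" && wait_for_state "$1" '[RSD]'
}
```

Usage is pause_job <pid> and later resume_job <pid>; both return non-zero if the process did not change state.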

crontab syntax

A note about crontab syntax. running a command every 10 minutes is

*/10 * * * *

snmpv3

SNMPv3 has a very different setup to previous versions in terms of security.

Article on snmpv3 config with cacti

snmpv3 cheatsheet

snmpv3 and ubuntu

SNMP Notes

Power Management

powertop (can be installed from repos) shows information about what's causing power drain on a laptop and suggestions for improving it.

CIFS

Mounting a windows share

mount -t cifs //<ip_address>/<share_name> /<directory> -o username=<username>

Setting a windows share to automount on boot add line to /etc/fstab

//<ip_address>/<share_name> /<directory> cifs uid=<local_user_who_wants_to_access_share>,credentials=<file_name>

the syntax for file_name is

username=<username>
password=<password>
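The credentials file holds the share password in clear text, so it should be readable only by its owner. The following is an added example, not part of the original notes, that writes the file in the format above with mode 600 and checks an existing file before it is referenced from /etc/fstab; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# write_cifs_credentials <file> <username>
# Reads the password from stdin so it never appears in a process listing.
write_cifs_credentials() {
    (
        umask 077                         # new file is created as mode 0600
        IFS= read -r pw || [ -n "$pw" ]   # accept input without a trailing newline
        printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1"
    ) || return 1
    chmod 600 "$1"                        # also tightens a pre-existing file
}

# check_cifs_credentials <file>
# Returns 0 only if nobody but the owner can access the file.
check_cifs_credentials() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)
            echo "$1: mode $mode lets other users read the password" >&2
            return 1
            ;;
    esac
}
```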

Multi CD

Some Instructions here for using multi-cd to create a bootable USB stick with multiple live ISOs on it.

Git

How to do useful things in git

Create a new repository on the server

Log in

create a directory in the base dir with the suffix .git

execute git --bare init

Initial commit of project directory to repository on server

enter project directory

execute git init

execute git add * (assuming you want all the files in the dir and subdirs added)

execute git commit -m 'first commit'

execute git remote add origin git@REMOTE_SERVER:example.git (assuming the user's called git, the server's called REMOTE_SERVER and the project directory is called example.git)

If you're running git on a different port you can use this syntax for adding the remote origin git remote add origin ssh://git@REMOTE_SERVER:PORT/path/to/example.git

execute git push origin master

Checking out from the server

It'll create a directory (minus the git suffix) so no need to start off in an empty dir.

execute git clone ssh://git@REMOTE_SERVER/directory/path/to/example.git (assumptions as above)

Committing changes back to the server

execute git commit -a

execute git push (there's more to it than this but that works for the moment)


Links

set-up a git server process for setting up git on a server to keep copies of your code

more git server info including handy hint about running ssh on odd ports.

Git for the lazy Good summary of basic commands

SSH

Running on non-standard ports

If you're running SSH on a non-standard port and are tired of putting in the port number every time you connect, adding the following lines to ~/.ssh/config will help

Host <your_host_here>
  Port <port_your_running_on>

Stopping the annoying delay logging in to an Ubuntu Server

From here

it appears that Ubuntu SSH server will do a lookup on the address you're connecting from. All well and good if you have DNS setup, not so great (annoying 5-10 sec delay) if you don't.

to disable this, edit your ssh config ("/etc/ssh/sshd_config") and add a "UseDNS no" line (or change the existing one to this).

Apache 2

Setting up SSL

Some good links to setting up SSL on an apache 2 server, creating certs, setting up the server, another guide to setting up the server


CentOS

It's possible to install groups of packages with yum after the OS is on (very handy if you discover you need a graphical install on a server!)

yum groupinstall "X Window System" "GNOME Desktop Environment"

is an example

iptables

Built in Firewall for most linux distros. It's actually very flexible and can do all sorts of traffic manipulation. Good guide to it here

Setting up NAT + forwarding

Based on here . In a situation where you want to forward traffic over a VPN interface (tap0) and the main network card in your machine is eth0. First on the box set up routes to your destination

route add -net x.x.x.x netmask x.x.x.x gw <tap0 ip address>

then enable forwarding on the box

sysctl -w net.ipv4.ip_forward=1

then add iptables rules to forward and masquerade the traffic

iptables --table nat --append POSTROUTING --out-interface tap0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

On the client machines that you want to use this route, use similar routing commands to the above to get the traffic to go that way, but with the eth0 address as the gw

route add -net x.x.x.x netmask x.x.x.x gw <eth0 ip address>


Handy trick for monitoring/controlling a VM

If you want to have a machine where you can monitor / control the traffic, using a VM setup with host-only networking can be pretty useful. Per here, just set up the standard DNAT setup

echo 1 > /proc/sys/net/ipv4/ip_forward

and then set up the forward/MASQ

iptables -A POSTROUTING -t nat -o <real_interface> -s <ip_address_range_for_vm> -d 0/0 -j MASQUERADE

After that you can just use filter rules in the FORWARD chain to manage traffic flow from the VM
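One possible set of FORWARD rules for the VM, as an added example that is not part of the original notes: replies are allowed back in, the VM may reach DNS and web ports only, and everything else it sends is logged and dropped. VM_NET, WAN_IF, the port choices and the function names are assumptions for this example; it prints the commands unless DRY_RUN=0 is set and it is run as root.

```shell
#!/bin/sh
# Added example, not from the original page. All names and values below are
# constructed placeholders; adjust them to the host-only network in use.
VM_NET=${VM_NET:-192.168.56.0/24}   # address range of the VM network (assumed)
WAN_IF=${WAN_IF:-eth0}              # the <real_interface> from the rule above
DRY_RUN=${DRY_RUN:-1}               # 1 = print the commands, 0 = apply them

# Print the iptables command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

vm_forward_rules() {
    # Replies to connections the VM itself opened.
    ipt -A FORWARD -d "$VM_NET" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Outbound from the VM: DNS and web traffic only.
    ipt -A FORWARD -s "$VM_NET" -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    ipt -A FORWARD -s "$VM_NET" -o "$WAN_IF" -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Log, then drop, anything else the VM tries to send.
    ipt -A FORWARD -s "$VM_NET" -j LOG --log-prefix "vm-blocked: "
    ipt -A FORWARD -s "$VM_NET" -j DROP
}
```

Calling vm_forward_rules with the default DRY_RUN=1 lets the rule order be reviewed before anything is applied; the blocked attempts then show up in the kernel log with the vm-blocked: prefix.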

SSD Tweaks

Tweaking Ubuntu for SSD usage.

Reduced swappiness: as per here, edit /etc/sysctl.conf to add vm.swappiness=10

Added noatime, nodiratime and commit=60 to /etc/fstab per here

Adding PPA Repos

you can add PPA repositories to ubuntu with commands like

sudo add-apt-repository ppa:ubuntu-on-rails/ppa

Booting Console mode

per here. You can set the system to come up in console mode by changing GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" in /etc/default/grub to GRUB_CMDLINE_LINUX_DEFAULT="quiet splash text" and then running sudo update-grub

installing and configuring xrdp

per here. You can install xrdp on ubuntu/lubuntu/etc and then connect using the Microsoft Terminal Services client or rdesktop under linux.

Manual Upgrade

For whatever reason the blessed do-release-upgrade doesn't seem to work in all cases, so there's a process for manually updating (not very approved but works for me)

10.04 - 10.10

sudo sed -i 's/lucid/maverick/g' /etc/apt/sources.list && sudo aptitude update && sudo aptitude dist-upgrade

10.10 - 11.04

sudo sed -i 's/maverick/natty/g' /etc/apt/sources.list && sudo aptitude update && sudo aptitude dist-upgrade

11.04 - 11.10

sudo sed -i 's/natty/oneiric/g' /etc/apt/sources.list && sudo aptitude update && sudo aptitude dist-upgrade


One major gotcha if you go down this line is that grub appears to break on the 11.04 - 11.10 step. The fix is per this post

from the grub prompt (assuming that you're installed in /dev/sda1; see the post if you need to do it with other disk layouts)

set root=(hd0,1)
linux /vmlinuz root=/dev/sda1 ro
initrd /initrd.img
boot

then once it's booted ok

sudo grub-install /dev/sda
sudo update-grub

should fix it


Links and resources

Setting up backtrack 4 with persistent changes NB adding the line Default 5 didn't work for me as the labels weren't just numerical. Look for the label for the persistent live cd and use that after the default statement.

Set-up Sun JAVA

Check Install This is a handy tool to create deb files from make installs, so use ./configure, make, sudo checkinstall , and you get a .deb file and the ability to uninstall the package easily

tunneling firefox traffic through ssh

Layer 3 VPN with SSH

duplicity Encrypted Rsync based backups

freeBSD + linux commands long list of handy linux/BSD commands
