(Written by Sylvain Bolay) (Updated March 07, 2008)

#modifie in /etc/inittab
#The system will automatically boot in text mode (3) or in graphical mode (5)

id:3:initdefault
id:5:initdefault

To modifie in real time the runlevel write:

init 0 #to shutdown the system
init 3 #to start text mode
init 5 #to start graphical mode

Warning: the precedent runlevel will be closed by the new one. That means if the actual runlevel is 5 and you want to go to the runlevel 3 all the user connexions will be closed! See man init for other run level.

/etc/fstab
mount /dev/sda1 /mnt/usb

modproble usb-storage
dmesg

See /etc/X11/XF86Config and /etc/X11/XF86Config-4 Use ImPS/2 instead of PS/2 to support wheel mouse

1. start using single mode
2. grub PRESS e
3. kernel /boot/vmlinuz-2.4.18-14 ro root=LABEL=/ PRESS e
4. kernel /boot/vmlinuz-2.4.18-14 single ro root=LABEL=/ PRESS ENTER
5. PRESS b
6. vi /etc/shadow
7. modify the line starting with root to become
8. root::……
9. reboot, and now passwd is empty

1. start up to the grub
2. grub PRESS e
3. kernel /boot/vmlinuz-2.6.18-14 ro root=LABEL=/ PRESS e
4. kernel /boot/vmlinuz-2.6.18-14 ro root=LABEL=/ init=/bin/bash PRESS ENTER
5. PRESS b
6. mount -o remount,rw /
7. nano /etc/shadow
8. modify the line starting with root:aX3dat…:…. to become
9. root::……
10. save modifications (ctrl-X and Y(es))
11. shutdown -rn now, and now passwd is empty

I start using this part when my computer doesn't start anymore because of the following error: - kernel Panic: VFS: Unable to mount root fs on 03:02

I finally found 390 badblocks on /dev/hda. To save my data I copied all this disk onto another one (1 night long) and made a repair on this new disk.

• Copy disk hda to disk hdb (normally both disk should have the same size and geometry):

dd if=/dev/hda of=/dev/hdb (and add some options following man dd)

• You may have to restore the disk partition (see section below). I don't remember exactly when you have to do that!
• and next repair the new disk:

debugreiserfs /dev/hda2
#or
sfdisk -l /dev/hda
 
badblocks -o badblock.log -b 4096 /dev/hda2
fsck.reiserfs --rebuild-tree -B badblock.log /dev/hda2
mkfs.reiserfs
dd if=/dev/zero of=/dev/hda bs=4096 swk=theBadblock-1 count=1

error: Disk doesn't contain a valid partition table

fdisk /dev/hda
mke2fs /dev/hda2
mkswap /dev/hda1
#(82=linux swap; 83=linux)
debugreiserfs /dev/hda2
badblocks -o badblocks.log -b 4096 -v /dev/hda2

Grub loading stage2…

• boot with dvd
• choose rescue mode
• cd /mnt
• mkdir hda
• mount -t reiserfs /dev/hda2 /mnt/hda
• chroot /mnt/hda /bin/bash

see effect of: swapon /dev/hda1

on gento (tchetch)

• mount /dev/hda3 /mnt/gentoo/
• mount /dev/hda1 /mnt/gentoo/boot
• swapon /dev/hda2
• mount none -t proc /mnt/gentoo/proc
• chroot /mnt/gentoo /bin/bash (root=/dev/hda3)

grub-install `awk -F='/^#boot/{print $2}'/boot/grub/grub.conf`
#(kernel-smp, mkinitrd, grub)
grub> root (hd0,1)
 
grub> install --stage2=/boot/grub/stage2 /d (hd0) / 0x800 (null)/
#or
grub> install --stage2=/boot/grub/stage2 --fare-lba /boot/grub/stage1 d (hd0) /boot/grub/stage2 0x800
#or
grub> install /boot/grub/stage1 d (hd0) /boot/grub/stage2 /boot/grub/menu.lst
 
#(this part can be completed with the help of tab-autocompletion)
grub> kernel (hd0,1)/boot/vmlinuz root=/dev/hda2 vga=0x317 desktop resume=/dev/hda1 splash=silent
grub> initrd (hd0,1)/boot/initrd

to check kernel version to check system version to check system information

cat /proc/cpuinfo
processor  : 0
vendor_id  : GenuineIntel
cpu family : 15
model      : 2
model name : Intel(R) Pentium(R) 4 CPU 2.40GHz
stepping   : 4
cpu MHz    : 2406.258
cache size : 512 KB
fdiv_bug   : no
hlt_bug    : no
f00f_bug   : no
coma_bug   : no
fpu        : yes
fpu_exception : yes
cpuid level   : 2
wp         : yes
flags      : fpu vme de pse tsc msr pae mce cx8
             sep mtrr pge mca cmov pat pse36
             clflush dts acpi mmx fxsr sse
             sse2 ss ht tm
bogomips   : 4751.36

cat /proc/interrupts
CPU0
0: 185214164 XT-PIC timer
1: 84002 XT-PIC i8042
2: 0 XT-PIC cascade
5: 0 XT-PIC uhci_hcd
8: 2 XT-PIC rtc
9: 28452 XT-PIC acpi, Intel 82801DB-ICH4, uhci_hcd, uhci_hcd, ohci1394
10: 2202424 XT-PIC eth0
11: 0 XT-PIC libata, ehci_hcd
12: 1502787 XT-PIC i8042
14: 320185 XT-PIC ide0
15: 1355351 XT-PIC ide1
NMI: 0
LOC: 0
ERR: 1
MIS: 0

cat /proc/ioports
0000-001f : dma1
0020-0021 : pic1
0040-005f : timer
0060-006f : keyboard
0070-0077 : rtc
0080-008f : dma page reg
00a0-00a1 : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
01f0-01f7 : ide0
02f8-02ff : serial
0376-0376 : ide1
03c0-03df : vesafb
03f6-03f6 : ide0
03f8-03ff : serial
0cf8-0cff : PCI conf1
8400-843f : 0000:00:1f.5
8800-88ff : 0000:00:1f.5
9800-987f : 0000:02:04.0
9800-987f : sata_promise
a000-a00f : 0000:02:04.0
a000-a00f : sata_promise
a400-a43f : 0000:02:04.0
a400-a43f : sata_promise
a800-a87f : 0000:02:03.0
b000-b01f : 0000:00:1d.2
b000-b01f : uhci_hcd
b400-b41f : 0000:00:1d.1
b400-b41f : uhci_hcd
b800-b81f : 0000:00:1d.0
b800-b81f : uhci_hcd
d000-dfff : PCI Bus #01
d800-d8ff : 0000:01:00.0
e800-e81f : 0000:00:1f.3
f000-f00f : 0000:00:1f.1
f000-f007 : ide0
f008-f00f : ide1

cat /proc/meminfo
MemTotal:     516472 kB
MemFree :       7680 kB
Buffers:       39416 kB
Cached:       127304 kB
SwapCached:        0 kB
Active:       395488 kB
Inactive:      24652 kB
HighTotal:         0 kB
HighFree:          0 kB
LowTotal:     516472 kB
LowFree:        7680 kB
SwapTotal:   2255896 kB
SwapFree:    2255756 kB
Dirty:            44 kB
Writeback:         0 kB
Mapped:       342656 kB
Slab:          79360 kB
Committed_AS: 395772 kB
PageTables:     2324 kB
VmallocTotal: 507896 kB
VmallocUsed:   37260 kB
VmallocChunk: 469148 kB
HugePages_Total:   0
HugePages_Free:    0
Hugepagesize:   4096 kB

cat /proc/partitions

cat /proc/swaps
Filename	Type		Size	Used	Priority
/dev/hda2	partition	2255896	140	42

cat /proc/version
Linux version 2.6.5-7.104-default (geeko@buildhost)
(gcc version 3.3.3 (SuSE Linux)) #1 Wed Jul 28 16:42:13 UTC 2004

cat /etc/redhat-release
#or
cat /etc/SuSE-release
 
SuSE Linux 9.1 (i586)
VERSION = 9.1

uname --version
>uname (coreutils) 5.2.1
 
uname --kernel-name
>Linux
 
uname --nodename
>linuxSBServer
 
uname --kernel-release
>2.6.5-7.111-smp
 
uname --kernel-version
>#1 SMP Wed Oct 13 15:45:13 UTC 2004
 
uname --machine
>i686
 
uname --processor	
>i686
 
uname --hardware-platform
>i386
 
uname --operating-system	
>GNU/Linux
 
uname --all
>Linux linuxSBServer 2.6.5-7.111-smp #1 SMP Wed Oct 13 15:45:13 UTC 2004 i686 i686 i386 GNU/Linux

gives the architecture of your machine (ex: 686)

The Intel architecture model 80×86 designates each processor core. The X is a number from 0 to infinite but for now it is from 0 to 7. Each model adds few more instructions and sometimes a new feature although each model does not have to increase transistor count. If you have an 80686 processor, you can run software that was compiled for 80686 and lower. If you have an 80386, you can only run software compiled as 80386 and lower. Each increasing model should be better but it seems that Intel likes the yo-yo effect when they introduce new processors.

• Pentium III is not an 80386 its an 80686.
• A Pentium 4 is an 80768 but it is not any better than some 80686 processors.
• AMD Athlons are 80686 even though some are 32-bit and 64-bit processors.

There are some 80486 (I think 80486DX2-66 or 80486DX4-120) that are or the right term were faster than 80586 (aka Pentium). Have look at sandpile for informations.

x86 is the CPU architeture family. These go along the lines of i286, i386, i486, i586, etc… where the x is used as a variable for the 2, 3, 4, 5, etc.

• i586 is the same as a pentium and amd k1
• i686 is the same as pentium II and amd k2, and so on.
• x86-64 stands for 64-bit processors like Athlon-64's and Opteron that operate off of the x86 family.

Each of the chips has extra transitors and instruction sets, so if you download a distro that was compile for your chip, it should, in theory, run better. Also, You have to meet the architecture number or older to use the distro to.

There are several *fdisk programs around. Each has its problems and strengths. Try them in the order: cfdisk, fdisk, sfdisk.

Is a beautiful program that has strict requirements on the partition tables it accepts, and produces high quality partition tables. Use it if you can.

Is a buggy program that does fuzzy things - usually it happens to produce reasonable results. Its single advantage is that it has some support for BSD disk labels and other non-DOS partition tables. Avoid it if you can.

The user interface is terrible, but it is more correct than fdisk and more powerful than both fdisk and cfdisk. Moreover, it can be used noninteractively. Is for hackers only.

Curses based disk partition table manipulator for Linux

cfdisk 2.11u
Disk Drive: /dev/sda
Size: 72802631680 bytes, 72.8 GB
Heads: 254	Sectors per Track: 63	Cylinders: 8885

[Bootable][Delete][Help][Maximize][Print][Quit][Type][Units][Write]

Partition table manipulator for Linux

fdisk -l
Disk /dev/sda: 254 heads, 63 sectors, 8885 cylinders
Units = cylinders of 16002 * 512 bytes

Partition table manipulator for Linux

sfdisk version 3.07 (aeb@cwi.nl, 990908)
Usage: sfdisk [options] device ...
device: something like /dev/hda or /dev/sda
useful options:
-s [or --show-size]	:list size of a partition
-c [or --id]		:print or change partition Id
-l [or --list]		:list partitions of each device
-d [or --dump]		:idem, but in a format suitable for later input
-i [or --increment]	:number cylinders etc. from 1 instead of from 0
-uS, -uB, -uC, -uM	:accept/report in units of sectors/blocks/cylinders/MB
-T [or --list-types]	:list the known partition types
-D [or --DOS]		:for DOS-compatibility: waste a little space
-R [or --re-read]	:make kernel reread partition table
-N#			:change only the partition with number #
-n			:do not actually write to disk
-O file			:save the sectors that will be overwritten to file
-I file			:restore these sectors again
-v [or --version]	:print version
-? [or --help]		:print this message
 
dangerous options:
-g [or --show-geometry]	:print the kernel's idea of the geometry
-x [or --show-extended]	:also list extended partitions on output or expect descriptors for them on input
-L [or --Linux]		:do not complain about things irrelevant for Linux
-q [or --quiet]		:suppress warning messages
 
You can override the detected geometry using:
-C# [or --cylinders #]	:set the number of cylinders to use
-H# [or --heads #]	:set the number of heads to use
-S# [or --sectors #]	:set the number of sectors to use
 
You can disable all consistency checking with:
-f [or --force]		:do what I say, even if it is stupid

sfdisk -l
Disk /dev/sda: 8885 cylinders, 254 heads, 63 sectors/track
Units = cylinders of 8193024 bytes, blocks of 1024 bytes, counting from 0

scan for all disks / multiple devices / partitions available

lvmdiskscan -- reading all disks / partitions (this may take a while...)
lvmdiskscan -- /dev/sda1   [101.54MB] Primary LINUX native partition [0x83]
lvmdiskscan -- /dev/sda2   [65.47 GB] Primary LINUX native partition [0x83]
lvmdiskscan -- /dev/sda3 [1023.57 MB] Primary LINUX swap partition [0x82]
lvmdiskscan -- 1 disk
lvmdiskscan -- 0 whole disks
lvmdiskscan -- 0 loop devices
lvmdiskscan -- 0 multiple devices
lvmdiskscan -- 0 network block devices
lvmdiskscan -- 3 partitions
lvmdiskscan -- 0 LVM physical volume partitions

Show information about currently known hardware.

--list			:show list of known hardware
--cfg=state id		:change 'configured' status; id is one of the ids from 'hwscan --list', state is one of new, no, yes
--avail=state id	:change 'available' status
--need=state id		:change 'needed' status
--hw_item		:probe for hw_item and update status info. hw_item is one of:
				cdrom, floppy, disk, mouse, gfxcard, monitor, network, sound, modem,
				printer, storage-ctrl, netcard, camera, isdn, tv, dvb, scanner, joystick,
				usb, pci, isapnp, framebuffer, keyboard, chipcard, braille, partition,
				usb-ctrl, sys, cpu, bios, bridge, hub, memory

hwscan --list
vSkL.qRXhw9SR8eF: (cfg=new, avail=yes, need=no) bridge Intel PCI bridge
x0Ln.orocOxRg9gF: (cfg=yes, avail=yes, need=no) network IBM NetXtreme BCM5703X Gigabit Ethernet
JspL.4uf42CeQ14C: (cfg=new, avail=yes, need=no) unknown IBM 82870P2 P64H2 I/OxAPIC
rdCR.lZF+r4EgHp4: (cfg=no,  avail=yes, need=no) bios BIOS
hgAj.CQxngn4zpw3: (cfg=new, avail=yes, need=no) unknown IBM Unclassified device
T4wH.4uf42CeQ14C: (cfg=new, avail=yes, need=no) unknown IBM 82870P2 P64H2 I/OxAPIC
rdCR.EY_qmtb9YY0: (cfg=yes, avail=yes, need=yes)monitor Generic Monitor
vayM.pa4s74HebeD: (cfg=yes, avail=yes, need=no) usb controller IBM 82801DB USB (Hub #2)
Ikk3.7IxpIoQ+NDC: (cfg=yes, avail=yes, need=yes)graphics card IBM Rage XL
rdCR.CxwsZFjVASF: (cfg=no,  avail=yes, need=no) memory Main Memory
1GTX.nlBMAx1EYtC: (cfg=yes, avail=yes, need=no) usb controller IBM 82801DB USB (Hub #1)
W60f.AiiszuDFBEE: (cfg=new, avail=yes, need=no) sound IBM 82801DB AC'97 Audio
rdCR.iWbWo71vw2C: (cfg=yes, avail=yes, need=yes) keyboard PC Keyboard
sPPV.oZ89vuho4Y3: (cfg=yes, avail=yes, need=no) floppy Floppy Disk
3Okj.Jt1hg9mdkyE: (cfg=new, avail=yes, need=no) hub Hub
BUZT.rA8dZcrCAA4: (cfg=new, avail=yes, need=no) bridge Intel 82801DB ISA Bridge (LPC)
B3Fu.Jt1hg9mdkyE: (cfg=new, avail=yes, need=no) hub Hub
ruGf.IWXKQ_Ne1vF: (cfg=new, avail=yes, need=no) unknown IBM Unclassified device
wiDZ.Jt1hg9mdkyE: (cfg=new, avail=yes, need=no) hub Hub
rdCR.n_7QNeEnh23: (cfg=no,  avail=yes, need=no) system System
yibb.g++hATXqKsF: (cfg=yes, avail=yes, need=yes) mouse Generic PS/2 Mouse
dtXw.Y0ml26UcBkD: (cfg=yes, avail=yes, need=no) storage IBM ServeRAID 5i
4t_9.SWk4Ex6vaS2: (cfg=yes, avail=yes, need=no) disk IBM SERVERAID
rdCR.xXVvziWR6cC: (cfg=yes, avail=yes, need=no) framebuffer ATI MACH64 MACH64GM
B3Fu.zxRvAUHA3eD: (cfg=new, avail=yes, need=no) unknown American Power Conversion Back-UPS 350 FW: 5.5.I USB FW: c1
3p2J.Nei02VKmZT6: (cfg=no,  avail=yes, need=no) storage IBM 82801DB ICH4 IDE
nS1_.Kb0XA3A2UVB: (cfg=new, avail=yes, need=no) unknown IBM 82801DB SMBus
qLht.HjLo1lfzn_F: (cfg=new, avail=yes, need=no) bridge IBM Host bridge
Ozsp.gW_slCquqh5: (cfg=new, avail=yes, need=no) bridge Intel 82870P2 P64H2 Hub PCI Bridge
YBzl.gW_slCquqh5: (cfg=new, avail=yes, need=no) bridge Intel 82870P2 P64H2 Hub PCI Bridge
08OF.wQq3lwZp4Y5: (cfg=yes, avail=yes, need=no) network 3Com 3C905C-TX Fast Etherlink for PC Management NIC
5YuN.yJAnkGqksw5: (cfg=yes, avail=yes, need=no) usb controller IBM 82801DB USB EHCI Controller
_Znp.LsTRPkZ8g00: (cfg=new, avail=yes, need=no) bridge Intel PCI bridge
rdCR.3wRL2_g4d2B: (cfg=no,  avail=yes, need=no) storage Floppy disk controller
6NW+.ccU5FZC1tz2: (cfg=new, avail=yes, need=no) bridge Intel 82801BA/CA/DB PCI Bridge
nBbg.74_e3eJ82F7: (cfg=yes, avail=yes, need=no) cdrom HL-DT-ST CD-ROM GCR-8480B

vi /etc/fstab
/dev/hda5 /mnt/d vfat defaults,codepage=936,iocharset=cp936 0 0

vi /etc/crontab
add line
00 0 1 * * root rdate -s time.nist.gov

or use xntp or use ntpdate (Debian package) In Switzerland you can use ntp.metas.ch which is the official swiss time server.

This is the command to create a tar archive named file.tar that contains file1, file2 and fileX

tar -cf file.tar directory1/file1 directory2/file2 directoryX/fileX

This is the command to list a tar archive named file.tar that contains file1, file2 and fileX

tar -tf file.tar
#or
tar --list --file=file.tar /this/is/a/directory/file1
#or
tar --gzip --list --file=file.tgz /this/is/a/directory/file1

With all these commands you can use one (-v) or two (-vv) verbose options

tar -tvvf file.tar

#man mt
#man tar
#see SIRO_backup.sh in /
#The device is /dev/st0
 
tar --list --verbose -f /dev/st0
mt --file=/dev/st0 status
mt --file=/dev/st0 rewind
mt -f /dev/st0 status
 
#To go to 1 backup backward
mt -f /dev/nst0 bsf 1
 
#To go to 1 backup forward:
mt -f /dev/nst0 fsf 1<br>

ls -a (all)
ls -l (long)

cat
#or
more
#or
less
</bash>
 
==== symbolic links ====
<code bash>
#creat a link named prog that points to the actual file named prog.1.1
ln -s prog.1.1 prog
 
#update the symbolic link to point to the new library
ln -sf /lib/libncurses.so.5.4 /lib/libncurses.so.5

xpdf shoot.pdf

df -k
df -h

du -sh %dirname%

tar jxvf example.tar.bz2
tar zxvf example.tar.gz
unzip example.zip
compression utilities
 
gzip garbage.txt
gzip -l garbage.txt.gz #(get information on a gzipped file)
gunzip garbage.txt.gz
 
#(tar a directory mt)
tar cvf mt.tar mt 
 
#(untar)
tar xvf mt.tar
 
#(tar and compress)
tar zcvf mt.tar.gz mt
 
#(extract and untar)
tar zxvf mt.tar.gz

find -name filename.ext
#or
du -a | grep filename.ext
#or
updatedb
locate filename.ext

ls /bin ~/binaries

#(sort the output of disk usage) du | sort -nr

#(use a second pipe) du | sort -nr | more

more aFile | grep aKeyword

./theExecutedSoft 2>&1 | tee log.txt </code> In this above command the stderr(2) output descriptor is redirected (>&) in the stdout(1) output descriptor. All this is finally piped to the tee function how allows to see both standard output to the screen and in the same time written in the file log.txt

chown joe dir/
chmod +x header
chmod -x header
 
#(only assign execute permission to myself)
chmod u+x header 
 
#(assign execute permission to both myself and the file's group)
chmod ug+x header
 
#(assign multiple types of permissions)
chmod ug+rwx header

#(just give yourself read permission)
chmod 400 header
 
#(give everybody read permission)
chmod 444 header 
 
#(give everybody read/exec permission)
chmod 555 header 
 
#(rwxr-xr-x)
chmod 755 header

In order to use X11 forwarding through ssh, you have to: on debian (server)

• apt-get install xbase-client
• in /etc/ssh/sshd_config → X11Forwarding yes
• Restart ssh daemon /etc/ssh restart

login to the server ssh -X -v -v -v root@xxx.xxx.xxx.xxx The triple -v is to obtain debug up to level 3 and -X is to enable X11forwarding to the client side but seems not be absolutely necessary to make the X11 tunnel working. You can now try “xclock &” included in the xbase-client package to test the X11 connection.

If you get an error such as

root@siro2:~# xclock
_X11TransSocketINETConnect() can't get address for localhost:6013: Name or service not known
Error: Can't open display: localhost:13.0

The main reasons of that can be (from linuxquestions.org):

• You should NEVER EVER login as root.
• You should REALLY REALLY use sudo(1) or su(1) when you need to run one command whith root privilege

Might be that ssh is doing the right thing and don't let you use X11 over ssh as root.

You should instead login as a normal user and configure the /etc/sudoers file with visudo to let your normal user accessing some files with sudo.

If you are login as a normal user and you have the same error, you may need to issue an

export DISPLAY="hostname:10.0"

before it works. You can also add this command in the user's .bashrc file.

If you put instead export DISPLAY=“127.0.0.1:10.0” the .Xauthority may be corrupted and the X redirection will not work and will display a warning such as: Warning: No xauth data; using fake authentication data for X11 forwarding. As soon as you got once this error, before trying another solution, you have to restart your Xserver (ctrl+alt+enter) to regenerate a trusted Xsession.

You can see wich are your actual Xauthority setting with:

xauth info
xauth list

and if you need to add a new Xauthority to the .Xauthority file, you can issue:

xauth add `echo "${DISPLAY}" | sed 's/.*\(:.*\)/\1/'` . `mcookie`

Below is displayed the settings of the /etc/ssh_config which is the client configuration file:

Host *
#   ForwardAgent no
#   ForwardX11 yes
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

And last, below is displayed the /etc/sshd_config file which is the configuration on the server side:

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
 
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
 
# Logging
SyslogFacility AUTH
LogLevel INFO
 
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
 
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys
 
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
 
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
 
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
 
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
 
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
 
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
 
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
 
#MaxStartups 10:30:60
#Banner /etc/issue.net
 
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
 
Subsystem sftp /usr/lib/openssh/sftp-server
 
UsePAM yes

/etc/init.d/mysql start/status/stop

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
#or
/usr/bin/mysqladmin -u root -h example.com password 'new-password'

You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:

cd /usr/share/mysql/sql-bench
perl run-all-tests

Default options are read from the following files in the given order: /etc/my.cnf /var/lib/mysql/my.cnf and ~/.my.cnf

In the below example, “intranet” is the name of your database.

mysqladmin -u root -p create intranet

Create the tables using an example.sql file:

mysql -u root -p intranet < example.sql

See the content of the intranet db

mysqlshow -u root -p intranet

mysql -u root -p intranet
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 96 to server version: 4.0.18
 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
 
mysql> GRANT ALL PRIVILEGES ON *.* TO "myDatabase"@"localhost";

/etc/cups

(2 modifications)

1. # DocumentRoot: the root directory for HTTP documents that are served.
   # By default "/usr/share/doc/packages/cups".
   #
   DocumentRoot /usr/share/cups/doc/

2. <Location /admin>
   # You definitely will want to limit access to the administration functions.
   # The default configuration requires a local connection from a user who
   # is a member of the system group to do any admin tasks. You can change
   # the group name using the SystemGroup directive.
    
   AuthType BasicDigest
   AuthClass Group
   AuthGroupName sys
    
   ## Restrict access to local domain
   Order Deny,Allow
   Deny From All
   Allow From 127.0.0.1
   Allow From 192.168.1.20 (sb-linux)
   Allow From 192.168.1.23 (sb-win)
    
   #Encryption Required
   </Location>

(below an example)

<Printer HP_Laserjet_6MP>
Info B&W_Laser_Printer
Location 1st_Floor/Room_215
DeviceURI socket://192.168.1.11
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>

SOME ADVICES log: /var/log/cups/ daemon cupsd: /usr/sbin/cupsd (man cupsd) server = /usr/lib/cups/daemon/cups-lpd (in /etc/xinetd.d/cups-lpd)

Creating root access (by default cups will have no user and pw) lppasswd -g sys -a root #this command will allow you to login as root for administration task in cups

restart the server siro:/etc/init.d # ./cups restart Shutting down cupsd done Starting cupsd done

For probleme with the lp command, see below: when I want to print with lp or lpr I always get the following errormsg: lp: error - scheduler not responding! or lpr: error - scheduler not responding! By the way, cups prints its testpage correctly, only lp® doesn't work! What can I do?

These “lp” and “lpr” commands or for CUPS, they work only with running CUPS daemon (the scheduler) or with a remote CUPS server specified in /etc/cups/client.conf. If you want to use LPD or LPRng, you need the appropriate “lpr” and/or “lp” executables.

vsftpd: (man vsftpd) The vsftpd FTP server serves FTP connections. It uses normal, unencrypted usernames and passwords for authentication. vsftpd is designed to be secure.

daemon configuration file: /etc/vsftpd.conf (man vsftpd.conf) daemon location: /usr/sbin/vsftpd

service ftp
{
 #server_args = -a
 #log_on_success += DURATION USERID
 #log_on_failure += USERID
 #nice = 10
 socket_type = stream
 protocol = tcp
 wait = no
 user = root
 server = /usr/sbin/vsftpd
 instances = UNLIMITED
}

At this time I don't understand every options in this service (TODO)

# Local FTP user Settings
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment to put local users in a chroot() jail in their home directory after login.
chroot_local_user=YES
#
# Set to NO if you want to disallow the PASV method of obtaining a data connection.
# Note: if this setting is disabled, windows stations will not be able to login.
pasv_enable=YES

• changing local_umask=077 to 022 allows users (for example the xerox scanner) to put in the directory (for example /server/printers/xerox/NETSCAN.XSM/) the scanned files with the rights 744 (see man umask to understand the umask settings) instead of 700. The NETSCAN.XSM directory is set to 770 and is owned by xerox.users
• The vsftpd daemon has to be restarted with /etc/init.d/xinetd restart

Example to connect NeXT computers (This example is with SuSe):

In YaST → Network Services → NFS Server : Start NFS Server (go next) Set Directories to: /server/public/NeXT_Data_Server Set Hosts wildcard to: * Set Options to: rw, root_squash, sync (if set to rw the directory is set as read-write; if set ro ro the directory is set ro read-only)

chmod 777 /server chmod 777 /server/public chmod 777 /server/public/NeXT_Data_Server (This part may also work with other folder rights if users are logged in. But this part has to be completed)

Open a terminal on a NeXT computer: NextApps → Terminal.app

1. cd /etc (where all services are located as the function ” mount” …)
2. vi /etc/hosts and add eg. “192.168.1.22 siro”
3. as root: cd /etc

mount -t nfs siro:/server/public/NeXT_Data_Server /Users/iro/siro_projects

or 3b) NextAdmin -> NFSManager.app

in the window named “/- Imported Directories” add… server name: siro; Remote Directory: /server/public/NeXT_Data_Server; Set; Mount Point: /Users/iro/siro_projects (This setting will mount automatically the directory during the startup process) - NextAdmin → UserManager.app (login as root) User → open … select: iro and change the pw to iroiro and confirm the pw. (this setting should allow the user to login to the NFS server if special settings are made on the shared directory)

If a user can not login normally on the XP computer:

1. printers can not be add correctly (error 5 given by Kixtart - rights error)
2. Users can simply not loggin on the computer (windows says pw error!)

I dont know exactly the reason of that but it seems that is caused by a sid error or something like this. To get right of this problem we have to clean the user profile.

1. Loggoff the user witch as the problematic profile
2. mv /server/profile/“theProblematicProfile/” /server/profile/“theProblematicProfile.bck”/
3. mkdir /server/profile/“theNewProfileDirectory”/
4. chmod and chown
5. To resolve this you can either:
   • Logon on a machine where the user does not yet has a saved profile with is username and pw to recreate a “clean” profile or
   • Logon to the machine usually used by the user as local/administrator
     1. Suppress the local copy of profiles: My Computer -&gt; properties -&gt; Advanced -&gt; UserProfiles…
     2. settings: remove all profiles except local\administrator
     3. regedit the registry and suppress everything about the user (make some searches with specific keywords)
     4. Restart the computer
     5. login as network\administrator (to install and reset the registry with clean values - see kixtart script)
     6. logoff
     7. login as the user to recreate a “clean” profile
6. logoff the user
7. On the server copy all relevant/interesting folders/data as favorites; Desktop; Application Data … mail and others; check the MyDocument folder; …
8. chmod / chown on this folders
9. Done… and the user can loggin back on computers and everything should be ok.

net groupmap add ntgroup=“Users” UNIXgroup=users net groupmap list

pour recuperer vos anciens profils, il faut les migrer de l'ancien SID vers le nouveau comme ceci:

• les mettre sur le serveur en mode itinerant (c'est mieux avec samba au depart pour la migration
• partager le dossier comme necessaire (voir la doc de samba sur les profils)
• une fois tous les profils sur le serveur disons dans le dossier /users dans chaque dossier utilisateur /user/user1, /users/user2 etc… vous trouverez le fichier ntuser.dat (la ruche HKEY_CURRENT_USER). Le probleme c'est qu'elle contient les SID de l'ancien compte or le domaine SAMBA possede son propre SID qui est different de celui de l'ancien domaine de rattachement du profil.

donc la marche a suivre est la suivante :

• vous creez les users dans samba: smbpasswd etc…
• vous recuperez le SID de l'utilisateur
• pdbedit -Lv user1 et cherchez la ligne SID (sous l forme S-X-……)

ensuite c'est simple, profiles ntuser.dat va vous afficher plein de lignes cherchez le SID dedans et faite un remplacement comme ceci:

• profiles ntuser.dat OLDSID NEWSID sur les PC
• ensuite dans document and settings supprimez TOUS les profils sur toutes les machines correspondants a ceux que vous avez envoyé sur le serveur.
• y a plus qu'a vous logguer et vous n'aurez plus de dossier sous la forme User.DOMAINE

all ports are listed in /etc/services

/var/log/xinetd.log /etc/xinetd.conf /etc/xinetd.d/

starting the xinetd daemon: sudo /etc/init.d/xinetd start/stop/restart restart xinetd daemon to take in acount the new configuration (This is an old method)

su
ps -u root | grep xinetd (get PID of xinetd)
kill -s SIGUSR1 "PID of xinetd"

Now you can simply /etc/init.d/xinetd restart/reload

test open ports on an given host nmap / xnmap (==nmapfe) (from package nmap-gtk which is a nmap frontend) example: nmap localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-09-17 11:52 CEST Interesting ports on localhost (127.0.0.1): (The 1652 ports scanned but not shown below are in state: closed)

Nmap run completed – 1 IP address (1 host up) scanned in 0.356 seconds

to scan the complete network: 192.168.1.0/24 (/24 is equivalent to the subnet mask 255.255.255.0. The calculation is 8bits + 8bits + 8bits + 0bits = 24bits )

I'don't know now what it does… netstat -acntu

return the ip adresse given a machineName

• nmblookup “machineName”

an equivalent on windows is nbtstat (nbtstat -a “machineName”)

return all smb client/server in the lan

return the domaine name given the ip and vice-versa

returns the actual settings on localhost (to be used as SU)

e-mail settings: /etc/postfix/ :This directory containes the majors email configurations files /etc/aliases :This is the aliases file - it says who gets mail for whom. /usr/lib/postfix/ :this directory contains all binaries that are used by an email software /usr/lib/sendmail /usr/sbin/sendmail

• http://www.tldp.org/HOWTO/Net-HOWTO/
• http://www.linuxheadquarters.com/howto/networking/networkconfig.shtml

• before configuration, stop network: ifdown eth0

or

• /etc/init.d/network stop
• verify the network module is loaded by issuing /sbin/lsmod
• activate the eth0 by issuing ifup eth0

or

• /etc/rc.d/init.d/network start

/etc/resolv.conf (dns server)

• name server 151.201.0.39 # same as the DNS servers IP in windows ipconfig

/etc/host.conf

• order hosts, bind
• multi on

/etc/hosts

• 127.0.0.1 localhost loopback
• 192.168.0.1 this.host.name

hostname:

• /etc/sysconfig/network

change IP address permanently

• ifconfig eth0 %newip%
• vi /etc/sysconfig/network-scripts/ifcfg-eth0 (change ip)

• echo $SHELL (what my shell is)
• chsh (change shell)

• stty -a (to check the list of the current terminal settings)
• stty erase ^H
• stty kill ^U
• unset var_name

• setenv var_name var_value
• unsetenv var_name

• exit: CTRL+XC
• help: CTRL+H
• open file: CTRL+XF (or new file)
• save file: CTRL+XS
• save as: CTRL+XW

• CTRL+l (lowcased L)

• CTRL+/(CTRL+SHIFT+MINUS)

#Redo last

• CTRL+G

• CTRL+A

• CTRL+E

• CTRL+@

• CTRL+W

• CTRL+Y

• ESC+W

• CTRL+K

C-s search the document forward for string you name C-r search the document backward for string you name

remote cvs if using ssh (bash/) To set an environment variable in sh or ksh, use the syntax VAR=value;export VAR, where VAR is the name of the environment variable and value is the value you wish to assign. Do not put spaces on either side of the equals sign. The export command instructs the shell to propagate the value of the variable to all programs that are run by the shell. If an environment variable is reset, but not exported, the change will only apply to the shell itself.

[root@localhost root]# CVS_RSH=ssh
[root@localhost root]# export CVS_RSH
[root@localhost root]# echo $CVS_RSH

using csh

[root@localhost root]# setenv CVS_RSH ssh

cvs -d :ext:%username%@%server_domain%:%cvs_root_directory% checkout %modulename%

• P: the file has been updated. The P is shown if the file has been added to the repository in the meantime or if it has been changed, but you have not made any changes to this file yourself.
• U: You have changed this file in the meantime, but nobody else has.
• M: You have changed this file in the meantime, and somebody else has checked in a newer version. All the changes have been merged successfully.
• C: You have changed this file in the meantime, and somebody else has checked in a newer version. During the merge attempt, conflicts have arisen.
• ?: CVS has no information about this file - that is, this file is not under CVS's control.

for one specific user add in

• ~/.kde/share/apps/konqueror/servicemenus

or for all users add in

• /usr/share/apps/konqueror/servicemenus

a file named openassu.desktop that contains:

[Desktop Entry]
ServiceTypes=inode/directory,inode/directory-locked
Actions=openassu
 
[Desktop Action openassu]
Name=Open as Root
Name[fr]=Ouvrire en temp que root
Name[de]=Als root offnen
Icon=kfm
Exec=kdesu "konqueror --profile filemanagement %U"

or another file named runassu.desktop that contains:

[Desktop Entry]
ServiceTypes=application/x-executable,application/x-shellscript,application/x-python,application/x-perl
Actions=runassu
 
[Desktop Action runassu]
Name=Run as Root
Name[fr]=Executer en temp que root
Name[de]=Als root ausfhren
Name[cs]=Spustit jako root
Icon=kfm
Exec=kdesu -c

Add in directory ~/.gnome2/nautilus-scripts/ a file named “Open\ as\ root” that contains:

!/bin/sh
openas-root:
#nautilus script for opening the selected files as superuser (uid=0),
#utilizing the appropriate applications.
 
for uri in $NAUTILUS_SCRIPT_SELECTED_URIS; do
gnome-sudo "gnome-open $uri" &
done

for more information see: http://ubuntuguide.org/#openfilesasrootviarightclick

ldd /usr/bin/X11/xterm (list the shared libraries on which a given executable depends)

• rpm -i SuperFrob-4.i386.rpm (install a new package)
• rpm -U SuperFrob-4.i386.rpm (update a package that is already installed)
• rpm -e SuperFrob-5 (uninstall)
• rpm -q SuperFrob (find the version number of an installed package)
• rpm -qa (get a list of all installed package)
• rpm -qf /usr/bin/dotherpb (find out to which package a file belongs)
• rpm -qi gcc (display information about the specified package)
• rpm -qpl SuperFrob-5.i386.rpm (show the files that will be installed for the specified package file)

• deb file:/cdrom/ sarge main
• deb http://mirror.switch.ch/ftp/mirror/debian/ stable main
• deb-src http://mirror.switch.ch/ftp/mirror/debian/ stable main
• deb http://claws.sylpheed.org/debian/ unstable main
• deb-src http://claws.sylpheed.org/debian/ unstable main
• deb http://security.debian.org/ stable/updates main contrib non-free

to eject cd tray

eject -r

debug core file

gdb <programe> <core>

I'm compiling wxGTK on Redhat Linux 6.1: the following are my step when compiled wxGTK:

• ./configure
• make
• make install
• ldconfig

then edit /etc/ld.so.conf and add /usr/local/lib then I tried to compile calendar application:

• make -f makefile.unx

when i run calendar application error happend: GTK-WARNING XXX:Cannot open display. What should i do ?.

I see 3 cases :

1. You are not directly log on the computer where you run the programme (you do a rlogin or a telnet), in this case you have to set the DISPLAY variable to your computer display (export DISPLAY=mycomputeur.mydomain.org:0) on the remote computer and the X-Server must accept connection from this host (ugly autorisation with xhost : xhost +theremotecomputeur, right config with Mit-Magic-Cookie).
2. You log as user1, and after that you do a su and try to run the program as root. In this case the Xserver is the property of user1 and you try to access it as root, so it refused the connection. solution: run the programme as user1 (good one), or log as root (bad one).
3. Last you dont have an xserver on the computer.

I think in your case the most probable is the 2)