Tuesday, December 28, 2004

GRUB with password

1) Run /sbin/grub-md5-crypt
When prompted, enter the password you will use for GRUB. It prints back an MD5 hash of the password. Note it down.

2) Edit /boot/grub/grub.conf. In the global section (before the first title line) add this line, using the hash from step 1:
password --md5 <md5-hash-from-step-1>

3) Reboot. Now pressing p at the GRUB menu asks for the password before you can edit entries.

4) If there is a DOS partition in GRUB, under the title DOS add lock and the password line as follows, so that entry cannot be booted without the password:
title DOS
lock
password --md5 <md5-hash-from-step-1>

5) Finally, chmod 600 /boot/grub/grub.conf so the hash is not world-readable.
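An added example (not the post's own code) that audits a GRUB legacy grub.conf for the three settings set up above: it assumes a POSIX shell with awk and GNU stat -c, and the sample grub.conf it builds is constructed, with a placeholder hash.

```shell
# Added example, not the post's own code: audit a GRUB legacy grub.conf for
# the settings the steps above configure: a global "password --md5" line
# before the first title, which entries lack "lock", and file mode 600.

# Constructed sample grub.conf for the demonstration (the hash is a placeholder).
make_sample_grub_conf() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
default=0
timeout=10
password --md5 $1$PLACEHOLDER$not-a-real-hash
title Fedora Core
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2
title DOS
        lock
        rootnoverify (hd0,1)
        chainloader +1
EOF
    chmod 600 "$f"
    echo "$f"
}

# has_global_password FILE -> exit 0 if "password --md5 <hash>" appears in the
# global section (before the first "title"), 1 otherwise.
has_global_password() {
    awk '/^[ \t]*title/ { exit }
         /^[ \t]*password[ \t]+--md5[ \t]+[^ \t]/ { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# unlocked_titles FILE -> prints each entry with no "lock" line, i.e. one that
# boots without the password (the password only protects editing it).
unlocked_titles() {
    awk 'function flush() { if (title != "" && !locked) print title }
         /^[ \t]*title/ { flush(); title = $0
                          sub(/^[ \t]*title[ \t]*/, "", title); locked = 0; next }
         /^[ \t]*lock[ \t]*$/ { locked = 1 }
         END { flush() }' "$1"
}

# audit_grub_conf FILE -> 0 when the password line and mode 600 (GNU stat -c)
# are in place, 1 otherwise; unlocked entries are reported as warnings only.
audit_grub_conf() {
    rc=0
    has_global_password "$1" && echo "ok: global password --md5 set" \
        || { echo "FAIL: no global password --md5 line"; rc=1; }
    unlocked_titles "$1" | sed 's/^/warn: no lock on entry: /'
    m=$(stat -c '%a' "$1")
    [ "$m" = 600 ] || { echo "FAIL: mode $m, expected 600"; rc=1; }
    return $rc
}
```

Run audit_grub_conf /boot/grub/grub.conf as root to check a real file; a Linux entry without lock is normal, a DOS or rescue entry without it is what the warning is for.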

And here are some password cracking programs:
www.openwall.com/john
www.users.dircon.co....k/~crypto/index.html
www.ussrback.com/distribute.html

Sample host.conf

# Order in which the services are queried
order bind hosts nis
# permit multiple addresses per host
multi on
# verify reverse domain lookups
nospoof on
# log "spoof" attempts
alert on
# remove the local domain for host table lookups
trim foobirds.org

X Font Server and XDM

1) In /etc/init.d/xfs
change from
daemon xfs -droppriv -daemon
to
daemon xfs -droppriv -daemon -port 7100

2) Open UDP port 177 (XDMCP) in the firewall so it accepts traffic

3) In /etc/X11/fs/config comment out the no-listen=tcp line so it reads
# no-listen=tcp

4) In /etc/X11/xdm/xdm-config comment out the requestPort line so it reads
! DisplayManager.requestPort: 0

5) If using gdm, in /etc/X11/xdm/Xaccess
Change from
#* # any host can get a login window
to
* # any host can get a login window

6) In /etc/X11/gdm/gdm.conf
[xdmcp]
Enable=true
Port=177

7) /etc/X11/xdm/Xsetup_0 should be chmod 755

8) Edit XF86Config in /etc/X11
from
FontPath "Unix/:-1"
to
FontPath "Unix/:7100"

9) To connect from a Linux machine, at the shell:
X -query 192.168.0.1

Hey! Silly Question Answers

1) How can I change the colours of the ls command's output?
Edit /etc/DIR_COLORS

2) Where do I set permissions for the console, floppy, CD-ROM, scanner etc.?
Edit /etc/security/console.perms

3) How do I change the message on top of the login screen?
edit /etc/security/issue
edit /etc/security/issue-net

4) How do I put a customised message up while the system boots?
edit /etc/security/redhat-release

5) How do I display a message on the screen after a user logs into his account?
edit /etc/motd

6) Where do I set the packet forwarding feature?
edit /etc/sysctl.conf

7) How do I set the default route?
route add default gw 192.168.0.1

8) How do I add a route to a network?
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.1

9) How do I add a route through a device?
route add -net 192.168.1.0 netmask 255.255.255.0 eth0

10) How do I set default password controls like password aging?
edit /etc/login.defs

NFS Advice

Ok boys, today I will give some advice on NFS on Linux.

1) Do not use the insecure option. Clients should not be allowed to connect to the NFS server from ports greater than 1024. By default it is secure.

2) By default NFS uses root_squash. It means that the root user on a client machine will not have root access on the server; he is mapped to nobody's UID and GID, which means only world permissions apply. Never set no_root_squash.

3) /usr/local/pub (squash_uids=0-50, squash_gids=0-50)
OK, don't get upset. This means that if this entry is exported with read-write permission, which is the default, client users are prevented from using UIDs and GIDs from 0 to 50, which would be dangerous.

Help! I lost my root password

Move the system to runlevel one from GRUB:

1) At boot, the GRUB menu will say "press e to edit"; press e.
2) Choose the line with "kernel" on it and press e again to edit it.
3) Move to the end of the line by pressing the End key, enter a space and the digit "1", and press Enter.
4) Press "b" to boot.

This will take you to a command prompt where you can unlock the account or change your password.

That is it

Configuring Kerberos Server

Ok guys, this is how I configure Kerberos 5

1) /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = INDEX.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
INDEX.COM = {
kdc = muruga.index.com:88
admin_server = muruga.index.com:749
default_domain = index.com
}

[domain_realm]
.index.com = INDEX.COM
index.com = INDEX.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

2) /etc/krb.conf
INDEX.COM
INDEX.COM muruga.index.com:88
INDEX.COM kerberos.index.com:750 admin server

3) /etc/krb.realms
.index.com INDEX.COM

4) /var/kerberos/krb5kdc/kdc.conf

[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
kdc_ports = 88,749

[realms]
INDEX.COM = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}

5) /var/kerberos/krb5kdc/kadm5.acl
root@INDEX.COM *

The log files are /var/log/kadmind.log, /var/log/krb5kdc.log and /var/log/krb5libs.log

6) First we create the database with this command

kdb5_util create -s

This will ask for the master password. Enter it.

7) Now enter the following

kadmin.local -p root@INDEX.COM

It takes us to the kadmin console. Do as follows

kadmin.local: addprinc root@INDEX.COM

It asks for a password. Enter it.

8) Now we need to add the host principal.

kadmin.local: addprinc -randkey host/muruga.index.com

9) Now start the Kerberos servers.

service krb5kdc start
service kadmin start

10) Next we need to set up the keytab file as follows.

kadmin -p root@INDEX.COM
kadmin: ktadd host/muruga.index.com

11) On the workstation, copy krb5.conf from the server to the client and use Kerberised clients like telnet and ftp.

Ok boys, that's it for now

Fedora Based KVM

Do these on the Host Machine

1) Four files in /etc/X11/xdm/ need to be modified: xdm-config, Xresources, Xaccess, and Xservers.

2) In xdm-config, make sure DisplayManager.requestPort is either commented out or set to the default XDMCP port, which is 177.

3) Xresources can be changed to values of your choice. If you don't want to change it, leave it alone.

4) The Xaccess file is how xdm determines access for the various hosts. The idea is that we want xdm to do two things. First, we want every host on the LAN to be allowed to choose from among all available X servers running on all other hosts. Second, we want any host to be allowed to log in to the current host as well as all the others. For the first, we make sure the following line is present in the Xaccess file:

* CHOOSER BROADCAST # xdm allows all hosts to ask for a list of available hosts

For the second, we add the following line to the Xaccess file:

* # xdm allows all hosts to login to this host

5) The final configuration change is to the Xservers file. Here, we do not want xdm to automatically start or use the local host's X server. If it does, it only allows us to log in to the local host, whereas we want to choose which host we will use to log in. Therefore, we comment out any local X servers configured in the Xservers file. If you have any X terminals or machines acting as dedicated X terminals, do not comment out those lines or the X terminals will not work.

6) If you want xdm to run during all the runlevels that allow active network connections (usually 2-5), add a line similar to the following to /etc/inittab:

xd:2345:respawn:/usr/X11R6/bin/xdm -nodaemon


Now we need to configure the Server

1) Now we decide whether we want to start the X server manually from the command line, or have it started automatically at system boot. If we want to start it manually, we can either start the X server itself, or go via the startx or xinit programs. We will do the former. Assuming the server name is ullas:

X -indirect ullas

This starts the X server and has it send a query for any hosts that the xdm running on ullas finds available on the LAN. xdm then responds with a list of hosts to choose from for logging in. Starting the X server at system startup only takes a little more work than doing so from the command line. On storch, a SysV machine, the easiest way is to add a line to /etc/inittab as follows:

xs:5:respawn:/usr/X11R6/bin/X -indirect ullas

We also need to change the line that sets the default runlevel as follows (remembering that on this particular Unix implementation runlevel 5 brings up the X Window environment at startup).

id:5:initdefault:

That is it

Terminal Server Setup

This is a terminal server setup for Fedora Core 1

1) In /etc/init.d/xfs change
From
daemon xfs -droppriv -daemon
To
daemon xfs -droppriv -daemon -port 7100

2) Open UDP port 177 (XDMCP) in the firewall so it accepts traffic

3) In /etc/X11/fs/config comment out the no-listen=tcp line so it reads
#no-listen=tcp

4) In /etc/X11/xdm/xdm-config comment out the requestPort line so it reads
! DisplayManager.requestPort: 0

5) If using gdm, in /etc/X11/xdm/Xaccess change
From
# * # any host can get a login window
To
* # any host can get a login window

6) In /etc/X11/gdm/gdm.conf
[xdmcp]
Enable=true
Port=177

7) /etc/X11/xdm/Xsetup_0 should be chmod 755

8) Edit XF86Config in /etc/X11
From FontPath "unix/:-1"
To FontPath "unix/:7100"

9) Now reboot the server and at the command prompt type
xdm -nodaemon

10) Now you will get into the X window manager on the server

11) To get the X window manager on the client, type the command below at the shell prompt. That is it. Finished.
X -broadcast

12) To connect from a Windows machine, install Cygwin. Then at its command prompt type X -query with the X server's IP
X -query 192.168.0.1

13) To automatically log the client in to the xdm server, use the command below in inittab at runlevel 5
/usr/X11R6/bin/X -depth 16 -query 192.168.0.1

Adding Truetype Fonts

How do I install TrueType fonts in Linux?

1) We need to create a directory first to hold all the TrueType fonts. Normally I create it at /usr/local/fonts/ttf

2) Then copy all the TrueType fonts into this directory.

3) Now cd into the /usr/local/fonts/ttf directory.

4) Enter the following commands

# ttmkfdir > fonts.scale
# mkfontdir

5) Now if you view the directory you will see two new files, "fonts.scale" and "fonts.dir"

6) Now Red Hat users can use the following command

chkfontpath -a /usr/local/fonts/ttf

7) If you don't have the chkfontpath command, you will have to edit the file /etc/X11/xfs/config (or /etc/X11/fs/config), find the line which starts with "catalog=", and add your directory at the end of the list, separated by a comma.

8) That's it! You can test it now by running the xfontsel program from a terminal, or run the "Font Selector" program from the Utilities menu in GNOME. You should immediately see the TrueType font names in the list of fonts.

9) If you add more fonts to the directory you have to re-run the following commands to regenerate the fonts.dir file:

# ttmkfdir > fonts.scale
# mkfontdir

Create a CD Boot

I read this on a newsgroup

Create a directory like:
mkdir -p myinstallcd/dosutils/autoboot

Copy the boot image into it:
cp bootdisk.img myinstallcd/dosutils/autoboot

Now create an ISO from the directory and make it bootable.

mkisofs -b dosutils/autoboot/bootdisk.img -c boot.cat -r -o myinstallcd.iso myinstallcd

Finally, burn the image:
cdrecord -v speed=16 dev=0,0,0 -data myinstallcd.iso

Thursday, December 23, 2004

No of Processes running

Quick, tell me how many processes are running on the server?

# ls /proc | grep "^[0-9]" | wc -l

Or

# ps -aux | wc -l

(The ps count includes its own header line, so it comes out one higher than the /proc count.)

Load Of a system

How to determine the load of a system.

SAR (system activity report)

Type sar at the command prompt. It gives a lot of information.

Port Redirecting

Question :
I want to block port 80 from LAN use to make squid the default. I tried it with iptables but it's blocking web access completely, so that I'm not able to browse even with squid.

Answer:
Transparent proxy through squid. For this, make squid a transparent proxy and redirect requests for port 80 to 3128 with the following rule.

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

This will do.

Power of WGET

To download anything from a website use the wget command-line utility. Here is an example

wget -p -r -np http://gentoo.org/doc/en

* -p: also download any images etc. linked from the pages downloaded
* -r: recurse; the default depth is 5
* -np: download from the directory given, no parent files

Message Of the Day

Here is a way to set MOTD

If you are using xdm, add the following line to /etc/X11/xdm/Xstartup.

xmessage -file /etc/motd -geometry 640x480

Partition Problem

I had 3 OSs in my system (Win 98, Win 2000 Prof. and Fedora). Unfortunately, I deleted the Linux partition using the 'fdisk' utility. During booting, my system shows only the grub prompt. I can't boot / access the other OSs. Please help me to change the boot loader and access the remaining OSs.

Solution ?

Two ways to do it.

* If you have a Windows 98 startup disk, then boot with it and at the command prompt (C:\>) type 'fdisk /mbr'. This should restore the boot record for you by cleaning the MBR which has GRUB.

* If you have Windows 2000 bootable installation disk, boot with it and go for 'Repair' option. Once you are in the recovery console, type 'fixmbr' to restore your Windows 2000 boot record to MBR.

Package Management

If you have a lot of software packages with different versions, or if your users should be given control of whatever they wish to install, then look at the package called GNU Stow.

GNU Stow is a program for managing the installation of software packages, keeping them separate (/usr/local/stow/emacs vs. /usr/local/stow/perl, for example) while making them appear to be installed in the same place (/usr/local).

Have a look at it.

Did you lose your Root Password

No Problem.

Add "init=/bin/bash" to the kernel command line in the boot loader (LILO or GRUB). You will be dropped into bash. Type 'passwd'. It will prompt for the new password. Enter a password and remember it.

IP Forwarding

OK. Here is a simple way to do IP forwarding if it is not enabled by default. Put this in rc.local.

echo "1" > /proc/sys/net/ipv4/ip_forward

Or you can use the file /etc/sysctl.conf and add the following entry

net.ipv4.ip_forward = 1
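An added example (not the post's own code) that reads the forwarding setting the way sysctl -p does and compares it with the live kernel value, so a box where rc.local and sysctl.conf disagree about forwarding gets noticed. It assumes a POSIX shell with awk; the sample sysctl.conf is constructed.

```shell
# Added example, not the post's own code: read the forwarding setting the
# way sysctl -p does (last value wins, '#' and ';' lines are comments) and
# compare it with the live kernel value, to catch the two methods above
# disagreeing (e.g. rc.local enabling what sysctl.conf leaves off).

# sysctl_conf_value FILE KEY -> prints the effective value of KEY, or
# nothing when the key is absent.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; seen = 1 }
        }
        END { if (seen) print val }' "$1"
}

# running_ip_forward -> live value from /proc (0 or 1), or "unknown" when
# /proc/sys is not readable (restricted sandbox, non-Linux host).
running_ip_forward() {
    f=/proc/sys/net/ipv4/ip_forward
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# ip_forward_drift FILE -> 0 when configured and live values agree (or the
# live value is unknown), 1 when they differ. A missing key means the
# kernel default, 0.
ip_forward_drift() {
    want=$(sysctl_conf_value "$1" net.ipv4.ip_forward)
    have=$(running_ip_forward)
    [ -n "$want" ] || want=0
    if [ "$have" = unknown ] || [ "$have" = "$want" ]; then return 0; fi
    echo "drift: sysctl.conf says $want, kernel says $have" >&2
    return 1
}

# Constructed sample sysctl.conf: an early 0 is overridden by a later 1.
make_sample_sysctl_conf() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 0
; forwarding on for the NAT box
net.ipv4.ip_forward=1
kernel.sysrq = 0
EOF
    echo "$f"
}
```

On a real box run ip_forward_drift /etc/sysctl.conf from cron; a non-zero exit means something other than sysctl.conf changed the forwarding flag.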

Tuesday, December 21, 2004

System Inventory

If you are managing a network of systems and are in the process of documenting the hardware and software installed on them, then you should try phpInv. It is software that lets you build this inventory in a DB and gives access through a browser with permissions. The catalog is editable, if permitted. Quite neat. Try it now.

Monday, December 20, 2004

Resizing Partition

You could use any of:

1) PartitionMagic
2) resize2fs
3) qtparted (http://qtparted.sourceforge.net/), an open source PartitionMagic "clone". (Check this out, it really works well :-) http://qtparted.sourcreenshot-002-a.jpg)

If you have already resized your partition, all you need to do is resize your file system. resize2fs will do the job.

Interesting Commands

1) Did you know the "w" command will show a list of who is doing what on the terminals?

2) The "last" command can be used to see recent login info from the wtmp file. e.g. "last ullas" shows when ullas has logged in and the terminal info.

3) "whatis" can be used to show the description of a program, e.g. "whatis perl". But you must first create the whatis DB with the makewhatis command.

Command Line CD Burning

Give these commands

cdrecord -v -eject dev=ATAPI:x,x,x speed=48 driveropts=burnfree /path-to-image/image-name.iso (for direct IDE writing)

cdrecord -v -eject dev=x,x,x speed=48 driveropts=burnfree /path-to-image/image-name.iso (for SCSI-emulated writing)

PS: You need not take any special care for bootable CDs if you are writing the CD from ISO image as the image itself contains the boot information.

Dialup Permission With KPPP

How to give access permissions to all, in order to solve the problem of kppp asking for the root password when invoked by users other than root.

The problem here is not the permissions of the executable. It's the group/user as which pppd wants to run. On Debian, this group is called 'dip'. So adding a user to that group will let him run pppd.

Another thing: how to give other users access to particular programs or apps alone. For e.g. the Red Hat update manager (yum) requires root privileges, but for a particular user I need to relax it. Where do I grant permissions in order to do this?

You can setuid root the executable, but giving the user sudo instead is a much cleaner and safer way.

Inittab Deleted or in Error

What happens if you accidentally delete the inittab file?

No problem, just pass the option 'init=/bin/bash' to the kernel while booting. You will be dropped into the shell directly and you can create an inittab file.

How's that?

If Windows is installed after Linux

* Boot with the first installation CD and type 'linux rescue' at the boot prompt. The installer, anaconda, will mount the Red Hat installation under /mnt/sysimage.

* Type 'chroot /mnt/sysimage' in the rescue shell that you get.
* Open '/boot/grub/menu.lst' in your favourite editor and add the following lines to the end of it.

title Microsoft Windows
rootnoverify (hd0,0)
makeactive
chainloader +1

Note: It's assumed we installed Windows on hda1. If in doubt, run 'fdisk -l /dev/hda' to find your C: drive:
hda1 -> (hd0,0)
hda2 -> (hd0,1)
and so on.

* Then type 'grub-install /dev/hda'. It will report that the installation of GRUB completed.
* Reboot using the 'reboot' command and you will get GRUB with two entries, one for Linux and the other for Windows.