SUSE Linux 9 Guide

Nonroutable IP addresses


Every machine that is directly connected to the Internet must have a public IP address, commonly known as a routable address. A routable address is one that a connection can be made to from anywhere on the TCP/IP network, in this case, the Internet. For example, any web site you visit that is on the Internet has a routable address. If it were non-routable, packets would not be able to be routed to it. Each IP address class has its own non-routable address, which can be used in a private IP...

SUSE Linux 9 Bible

Justin Davies, Roger Whittaker, and William von Hagen
10475 Crosspoint Boulevard, Indianapolis, IN 46256
Copyright 2005 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN 0-7645-7739-5
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107...

Linux History

The beginning of Linux is usually dated to August 25, 1991, the date on which Linus Torvalds sent a posting to the comp.os.minix newsgroup describing the work he had done so far. He subsequently invited others to join the project, made the code available by FTP, and offered it under a license allowing free redistribution (originally a license that he wrote himself, but soon afterward moving to the GNU GPL). A worldwide community quickly arose, working on the Linux kernel and submitting code and...

Configuring a Samba client

Like most administrative tasks on a SUSE Linux system, configuring and starting a Samba client is most easily done through YaST. If you are running the X Window system KDE desktop (SUSE's default graphical environment), you can start it by selecting YaST from the Control Center menu, which is available by clicking the SUSE icon at the bottom-left corner of your KDE desktop. If you start YaST as the root user, the YaST dialog displays immediately, as shown in Figure 18-1. Note: If you start YaST...

Working with the Winbind Daemon

The Winbind daemon, winbindd, enables the Linux Name Service Switch (NSS) to retrieve user and group information from a Windows primary domain controller (PDC). This provides a networked authentication mechanism similar to the Network Information System (NIS and NIS+) often used in computing environments that make heavy use of Sun's Network File System (NFS). The Winbind daemon enables Windows users to log in on a Linux machine using the Windows credentials provided by the PDC without requiring...

Other Window Managers

If you decide not to use either KDE or GNOME, a variety of X Window system window managers are available. Essentially, your choice is about balancing beauty against simplicity. If resources are limited, one of the fairly minimal window managers may suit you. Also, if you are in the habit of starting everything from the command line, then complex menus and icons may not be so useful to you. At the very minimal end of the spectrum, TWM and MWM provide an environment where you can start an xterm...

Managing Your Logs with logrotate

Having these logging technologies is great for accessing the information at your fingertips, but a time will come when you do not need the logs in their original form and would like to archive them off. This can be handled manually, but if you have a large number of logs, automation is the way to go. Logs, left to their own devices, especially those on a large active system, can run riot with your disk space. The logrotate application can automate the management of log files by copying and...

Creating partitions

This section uses the fdisk command to view, edit, and create partitions on a sample SUSE system. If you do not have available, unallocated disk space to experiment with on your existing system, this section provides examples of the most common reasons you would use fdisk to carry out partitioning work so that you can see how and when you might use fdisk in the future. Caution Partitioning and creating filesystems is a destructive procedure, and if not done correctly, it will destroy data. It...

Text Editors

Plain text is our favorite file format. It is readable everywhere and depends only on the universally understood ASCII (and these days, possibly Unicode) format. You are not limited to a specific program to read or create plain text, or to view it. In the world of Windows, the naive user thinks (and this is what the application vendor wants him to think) that just to write a shopping list, he should use a proprietary word processing application. When he sends that shopping list to his friend by...

The exports file

The sharing of directories by NFS is controlled by the file /etc/exports, which contains a list of directories with details of the hosts they may be exported to and other options. A simple example of /etc/exports might contain just a single line exporting the directory /test to the host client, with the option rw (read-write) set. If you restart the NFS server, you see this:

Shutting down kernel based NFS server          done
Starting kernel based NFS server
exportfs: /etc/exports [8]: No 'sync'...

Logging with syslog-ng

In the previous section, we talked about the shortcomings of the syslog method of logging. The syslog-ng method goes further with the logging process by allowing you to specify regular expressions based on what the message contains for logging and by logging to specific files based on what the message contains. For example, the Linux firewall command iptables enables you to specify a logging prefix. If you were to use syslog-ng, you could specify that if the message that was intercepted by...

The log source

First, Listing 7-4 shows an example of a log source.

Listing 7-4 syslog-ng Configuration for iptables Source

source src {
    # include internal syslog-ng messages
    # note: the internal() source is required!
    internal();

    # the following line will be replaced by the socket list
    # generated by SuSEconfig using variables from /etc/sysconfig/syslog:
    unix-dgram("/dev/log");

    # uncomment to process log messages from network:
    # udp(ip("0.0.0.0") port(514));
};

Listing 7-4 shows the source definition for the entire syslog-ng process. This example shows two...

Configuring a Firewall with iptables

To configure a firewall on Linux, you need to get used to the iptables command, which is used to manipulate the kernel packet filtering settings from user space. (Refer to Chapter 6 for more information on TCP/IP, because an understanding of TCP/IP is needed.) Note: The terms user space and kernel space are used a lot in the Unix community. When something runs in kernel space, it is under the control and the constraints of the kernel. Something running in kernel space could be a kernel module...

File attributes

This is an additional layer of control over files above and beyond the standard Unix permissions system. File attributes are controlled by the chattr command. In general and in most situations, the attributes that this system allows are not widely used and not all of them are implemented on every filesystem, but most of the functionality of chattr is available on the common filesystems (ext2, ext3, and reiserfs). The one attribute that is particularly interesting and that can be set with this...

Postfix configuration

Postfix configuration is held in the file /etc/postfix/main.cf. This file contains all configuration entries for general Postfix configuration as well as the locations of secondary configuration files for specific Postfix subsystems. To familiarize you with the Postfix configuration, we will run through the default Postfix main.cf file, highlighting the important configuration options. The default main.cf file is heavily commented to give you a means to understand what each option means. In...

Boot Managers

We will now go back to the beginning of the boot process and talk about boot managers. As you saw earlier in the chapter, the boot manager helps the system load other operating systems. You should see it as a stepping stone from the BIOS to the operating system itself. Two boot loaders are used in Linux: the traditional LILO boot loader and the newer GRUB boot loader. The Linux Loader (LILO) was one of the first boot loaders available for Linux. It is a relatively simple loader that was designed...

Setting Up a Samba Server

Like most administrative tasks on a SUSE Linux system, configuring and starting a Samba server is most easily done through YaST. You can start YaST in the same way as discussed earlier in the chapter in the section Configuring a Samba client. To configure and start a Samba server, follow these steps:

1. Click the Network Services icon in the left pane of the YaST Control Center and scroll down the right pane until you see the Samba Server icon, as shown in Figure 18-12.

Figure 18-12 Samba Server...

Creating and Managing the Samba Password File

Most Samba servers use a Samba-specific password file to contain Windows username and password information. On SUSE systems, this file is /etc/samba/smbpasswd. Entries in this file are created and updated using a utility that is also named smbpasswd. This file is used only by Samba servers; Samba clients use the authentication mechanisms that are provided by the Samba or Windows servers that you are connecting to. If the smbpasswd file is the only authentication mechanism that you specified when...

Mounting a shared Windows drive

There are many different ways to mount a shared Windows drive on your SUSE system, the easiest of which is to use the standard Linux mount command. For example, to mount an SMB share named wvh that is available on an SMB server named home, mount that share on the directory /mnt/smb, and access those files as the Windows user wvh, you would execute a command such as the following as the root user:

mount -t smbfs -o username=wvh //home/wvh /mnt/smb

The above command line can be broken down as follows...

Resizing existing operating system partitions

Nowadays, it is quite common to have systems that can boot multiple operating systems. Such computer systems enable users to take advantage of the power and applications available in each operating system by selecting between available operating systems when you boot the system. These are typically referred to as dual-boot systems because most people install at most two operating systems on a single machine. However, because more than two operating systems can be installed on a single disk, the...

Getting Started with Squid on SUSE

The SUSE installation media contain the Squid installation package; first, you need to install this in the usual way using YaST. Squid is included in the YaST installation selection Network Server. Here we assume that you are setting up Squid on a machine on your network that has adequate access to the outside world. Simply installing and starting Squid is not enough:

Starting WWW-proxy squid (/var/cache/squid)
/usr/sbin/rcsquid: line 135: 14165 Aborted    $SQUID_BIN -z -F >/dev/null 2>&1

Here...

Network services

Selecting the Network Services icon brings up the Manage Network Services area. This section includes tabs to manage DNS, dynamic DNS, the Squid proxy, and printers. If you choose to use the Standard Server as your network DHCP server, you will also find a DHCP tab on this page. DNS Configuration certainly adds some real value: getting the syntax of the bind configuration files right if you create them from scratch is often an irritation (see Figure 28-12). ...

Problems with mounting NFS shares

If you find that you cannot mount a share that you think should work, the first thing to check is whether the NFS server is actually running. Check the /etc/exports file on the server carefully, and be sure that you have done exportfs -r or rcnfsserver reload since making any changes to it. The command rpcinfo can be useful: if all is well, its output lists the registered RPC services. If you do not see mountd in this listing, then something is seriously wrong: perhaps the NFS server has not registered itself with the...

Browsing available Windows resources

SUSE Linux provides a number of different ways to browse Windows networks to identify and access available resources. The most common of these is to use the Konqueror browser, shown in Figure 18-5. SMB support in Konqueror is constantly being improved, so make sure that you have installed the latest version of the kdebase3 package using YaST's Online Update control (discussed in Chapter 9) if you encounter problems. Figure 18-5 Browsing SMB resources in Konqueror...

Webmin and YaST


The variety of modules that Webmin includes can be seen from the Networking tab and Servers tab (see Figure 14-10). These include items that have only recently become part of YaST (such as IPsec configuration and HTTP configuration) and others that are still not included in YaST (such as Point-to-Point Tunneling Protocol (PPTP) server and client, CVS server, MySQL server, and others). At the time of this writing, at least one of the new YaST modules is buggy, and Webmin may be a useful...

Postfix terminology and use

The configuration options we just discussed represent only a small amount of what can be done with Postfix. We now talk about how this all works together and what it provides to you as a mail server administrator. Note: Any parameter whose name starts with smtpd controls some part of an incoming SMTP-based connection. Similarly, any parameter whose name starts with smtp refers to outgoing connections (to other SMTP servers).

Configuring and securing your relay policy

Postfix's relaying policy (allowing...

Analyzing Your Logs with logcheck

Once your applications are logging to specific files, and the logs are being rotated, you can then manage and view your system statistics daily. If you would like to automate analysis of your log files for major occurrences, logcheck is here for you. logcheck scans through your log files and searches for telltale security and error messages and emails you its findings at predefined times through cron. The logcheck process uses a bookmark feature to send you only its findings since the last...

SUSE Linux Open Exchange Server

The SUSE Linux OpenExchange Server (SLOX) is the latest incarnation in a series of mail server products that SUSE has produced based around the Cyrus IMAP server. SUSE Linux OpenExchange Server 4 has gained considerable popularity as a mail server for medium-sized organizations. It is a hybrid product: it combines well-known open source components with a proprietary application server from Netline, which provides groupware functionality. Note: During the production of this book, it was announced...

SUSE public mailing lists

SUSE runs a number of public mailing lists. You can subscribe to them at www.suse.com/en/. The lists are archived at http://lists.suse.com. The general purpose SUSE list in English is the suse-linux-e list. This mailing list is a general technical discussion list with a high volume of messages. The quality of responses is high, and it is well worth joining provided you are prepared for the large number of mails you will receive. Other interesting and lively SUSE lists include suse-oracle and...

Configuring user preferences

Linux stores most user preferences in so-called dot files in the user's home directory. If a filename starts with a dot, it will not be displayed by the ls command unless you use the -a option, and it is therefore regarded as a hidden file. Both dot files and dot directories are used to hold preferences for most of the programs you use. Many programs will write a new dot file in your home directory when you run them for the first time. Many of these dot files have names that include the letters rc...

Command Line Utilities for Samba

The Samba software suite includes a number of utilities that you may find useful when interacting with Windows networks from the Linux command line. The next few sections provide a brief introduction to some of the more useful ones. You can obtain a complete listing of all of the utilities on your SUSE system that are related to Samba by using the apropos command to identify any commands related to Samba or the SMB protocol, as in the following examples:

net (8) - Tool for administration of...

Running an FTP Server on SUSE

FTP is the File Transfer Protocol, which is best known as a way of allowing anonymous downloads from public Internet servers. Traditionally, Unix systems ran an FTP daemon by default, and users expected to be able to move files to and from their home directories using an FTP client from elsewhere. This was a convenient way of accessing the system without logging on, and was available from any kind of client. This type of use of FTP has come to be seen as both insecure and unnecessary: it is...

Unmounting Filesystems

The discussions of mounting filesystems in the previous sections wouldn't be complete without a parallel discussion of unmounting those filesystems. Unmounting a filesystem removes the association between that filesystem and the directory in which it was mounted. In the case of removable media such as a CD, you will not be able to remove the CD from your drive unless it is first unmounted. Unmounting a filesystem is done using the umount command (note the missing n). You must be the root user...

Kernel Configuration

To be able to build kernels, you obviously need the kernel source package (called kernel-source) installed. In addition, you need gcc, make, and a number of other packages. One of the SUSE installation package set options is Kernel development; if you have installed that selection, you have everything you need. If you want to base your kernel configuration on the currently running kernel, you have more than one way to begin. The configuration of the kernel that is actually running is always...

Working with file ownership and permissions

The users and groups discussed in the previous section are useful only because each file on the system is owned by a certain user and group and because the system of file permissions can be used to restrict or control access to the files based on the user who is trying to access them.

Cross-Reference: The section that follows is a crash course in file permissions; we go into greater detail elsewhere in this book.

If you look at a variety of files and directories from across the system and list them with the ls -l command,...

Using mount options

Most of the control over how NFS behaves is based on the server; however, there are some options to the mount command that make a difference. You may want to force a read-only mount (even if the server is offering the share read-write). At the command line, you type:

root@client: # mount bible:/share /mnt -o ro

In other words, mount the directory /share from the server bible (which is being made available by NFS) on the mount point /mnt, with the option (-o) to the mount command ro, which means...

strings, ghex2, khexedit, and antiword

If you are confronted with a file that the file command doesn't give very useful information about (perhaps it just reports "data"), it may be worth trying to view it with cat -v, with less, or with a text editor. If all you see is binary junk, you may still be able to find out something useful using the strings command, which searches inside a binary file for text strings and outputs them. The output may give some useful clues. The applications ghex2 or khexedit may also be useful. These are...

Advanced shell features

If useful shell features such as command history and completion intrigue you, just wait! This section highlights some of the other powerful capabilities that are built into the bash shell. Most of these features are present in the other shells discussed earlier in this chapter, but this section focuses on bash because it is the standard shell used on Linux systems. Note: You may want to skip over this section if you are new to Linux and are just trying to learn how to perform some standard tasks....

Compressing Files

Two compression programs are in common use on Linux, gzip and bzip2; gzip is more common, but in general, bzip2 leads to somewhat smaller file sizes. To compress a file using gzip, do this:

user@bible:~/temp> gzip afile
user@bible:~/temp> ls
afile.gz

The file afile has been compressed to the file afile.gz. To restore the original file you can use the gunzip command (or the equivalent gzip -d). Notice how each time the original is no longer there. If you want to keep the original file while writing the...

Specifying Leases

A DHCP client keeps its information for a finite amount of time. You can specify the amount of time (in seconds) a client keeps the DHCP information using the default-lease-time. If the client does not specify a lease expiry time, the server's preference will be used. If a client does specify a lease time, the server can enforce a maximum time, max-lease-time, overriding the client's preference. Specifying both options puts a limit on the upper and lower lease time allowed for clients to hold...

Creating an ISO image to burn to CD

An ISO file is a file that essentially contains the image of an ISO 9660-compliant CD. If you create archive files in this format, you can then burn those files to a CD for offsite archival purposes. To create an ISO image of the directory work that you can subsequently burn to CD, do this:

mkisofs -J -r -o work.iso work

Mount the image to check that it is correct; you can then umount the image (umount /mnt) and then burn the image to CD using cdrecord from the command line...

Burning ISO images to CD

There have been changes recently in the way Linux handles CD writers. Under the 2.4 kernel series, CD writers required the ide-scsi driver, which meant that they worked using SCSI emulation. In 2.6, this is no longer the case. As a result, the user-space tools have had to change somewhat. The easiest way to burn ISOs to CD is k3b, which is a graphical tool included with all current versions of SUSE. At the time of this writing, there is a minor bug in the version of k3b shipped with SUSE...

Mail server settings

Selecting the Mail Server icon brings up the Mail Server Settings area. Here there are five tabs: Postfix (subtitled Basic Postfix Configuration), Postfix for Experts, IMAP Configuration, Fetch Mail, and Alias Management. Postfix: You can set up a relay host (if you are using one), dial on demand for machines that are not permanently online, and spam filtering. You can switch on secure Simple Mail Transport Protocol (SMTP) and Transport Layer Security (TLS) encrypted connections. Postfix for Experts...

The SUSE Rescue System

We have talked about fixing system problems by changing the boot runlevel of the system temporarily, but what if you encounter a dire problem such as forgetting the root password? This requires another approach because you will need the root password at some point. SUSE realizes the need to be able to repair a Linux system, which generally requires Linux tools and access to the ailing Linux system using those tools, and so has included a Rescue System on the first CD or DVD in your SUSE...

Printer Configuration

One of the biggest things that annoyed Linux users in the past was the configuration of printers. In the Windows world, the addition of a printer was painless, but in Linux it seemed the process was always marred by problems with drivers and configuration options. The Common Unix Printing System (CUPS) print drivers have helped to provide a unified printer architecture for Unix in general, and with distributions such as SUSE providing configuration front ends, the problems have become less...

Listing 15-2 Output of route -n with No Default Route

bible:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
                                                      0      0        0 lo

As you can see, this example uses the -n option to suppress the use of name resolution. When you suppress name resolution, it speeds up the execution of the command because it will not try to resolve an IP address to a name using your name resolver, which could at best be your local hosts file or at worst be your network's DNS server. You have two...

Vsftpd as an Anonymous FTP Server


An FTP server is most commonly used as a server for anonymous downloads. We look at this setup first. An anonymous FTP server is a server that allows anyone to log in with the username ftp or anonymous and download files. If you use a browser to access an anonymous FTP site, the browser passes the login information to the site without the user having to think about it. User FTP, which we consider later, refers to an FTP server on which specified users have accounts that they can access with...

Compiling an RPM from the spec file

To set up your environment for compiling the RPM, the source file has to be located in /usr/src/packages/SOURCES. You need to use the rpmbuild program to take the spec file and compile the source based on the configuration you have specified. The -bb argument is used to specify that you wish to build (b) a binary (b) package. You can see in Listing 12-10 how the build process follows the spec file you have created, going through prep, setup, and files to compile a binary RPM. Listing 12-10...

Listing 22-2 Attempting to Upload Files to an FTP Server

user@client:/home/user> ftp bible
Using binary mode to transfer files.
229 Entering Extended Passive Mode (|||16553|)

If you want to allow existing local users to upload files, you need to set the appropriate option in the vsftpd configuration file. If you have done this, a new user FTP session like the one shown in Listing 22-2 will succeed in uploading to the user's home directory. If you also want to allow uploads from anonymous logins (ftp or anonymous), you need to enable anonymous uploads there as well. There will have to be directories on the...

Mounting and unmounting filesystems

Mounting a filesystem is what you need to do to make the files it contains available, and the mount command is what you use to do that. In Linux, everything that can be seen is part of one big tree of files and directories. Those that are on physically different partitions, disks, or remote machines are grafted on to the system at a particular place: a mount point, which is usually an empty directory. To find out what is currently mounted, simply type the command mount on its own. Note: SUSE now...

Integrating Cyrus and Postfix

So now that you know how Cyrus works, you need to set up Postfix to use Cyrus to store the user's mail. In /etc/postfix/main.cf, we need to set the mailbox_transport to use the service cyrus. The service cyrus is preconfigured in /etc/postfix/master.cf. This file contains definitions for SMTP services as well as any user-defined services that can be used in parameters such as mailbox_transport. So you edit /etc/postfix/main.cf and change mailbox_transport so that it uses the cyrus service. When /etc/postfix/main.cf is...

Booting from the hard disk with special boot parameters

Sometimes it is enough to boot the system from hard disk, but into runlevel 1 (by simply typing the digit 1 as a boot parameter in the initial boot screen). Runlevel 1 is single user mode, with no networking and without starting most services. So if there is a problem that is causing the boot process to fail at a later stage, you may be able to solve the problem by booting into runlevel 1 and making the necessary changes. You can run YaST or edit configuration files in this state, and then...

Logging with syslog

The standard Linux logging facility is syslog. The syslog daemon intercepts messages logged to the system logging facility and then processes those messages based on the configuration specified in /etc/syslog.conf. The other side of syslog is the klogd process, the kernel logging process that processes kernel-specific messages such as kernel crashes or a failure in a component of the kernel (for example, a kernel module). Note: Not all processes use the syslog method of logging. You will see in...

Filesystem Benchmarks

Choosing the type of filesystem that you want to use on your system can be tricky. Throughout the earlier sections of this chapter, we have explored the capabilities of various Linux filesystems and suggested the types of tasks that each is best suited to. However, nothing shows the performance of a filesystem better than benchmarks that you can run against each, and then simply compare the results. Various books and articles on Linux filesystems provide just this sort of comparison. Justin...

Booting Concepts

The term booting comes from the saying Pull yourself up by your bootstraps, which is fundamentally what a machine must do. When power is applied to the processor, it carries out a self-check to make sure it is healthy and jumps to a predefined address in memory called the BIOS (basic input-output system) to load and initialize the system hardware. The BIOS is the piece of code that checks your system memory, initializes hardware, and checks to see if you have a bootable operating system. This...

The root partition

Once the swap space has been created, you need to configure the root (/) partition (see Figure 1-11). The root (/) partition is the most important data partition on any Linux or Unix system, and is the only non-swap filesystem partition that is required in order to boot a Unix or Linux system. The root partition takes its name from the fact that it is the partition mounted at the root of the Unix/Linux filesystem, which is the directory known as /. A filesystem must be mounted on this directory...

Why Use a Firewall

A firewall, whether Linux-based or not, should always be used to protect machines connected to the Internet. A firewall, by its very nature, is designed to control what can be accomplished over the network, and it is very unlikely you want your 200 Windows machines to be connected to the Internet in full view of any malicious person that comes along (and bare Windows machines on the Internet are like drops of blood in a 10-mile radius of a pack of sharks). Most people think that a firewall is...

Listing 15-9 Using telnet as a Protocol Tester

This is a test mail that I am sending you. We have used the SMTP protocol to specify that we are sending a mail to the user justin@palmcoder.net from the user justin@bible from the machine localhost (ehlo localhost). This is a standard SMTP protocol transaction that can be used to quickly test an SMTP server's ability to send mail to a specific user. We discuss mail servers and a further example of using Telnet to test a service in Chapter 17. The command line used, telnet localhost smtp, is...

The exportfs command

The exportfs command can be used to handle the exporting of directories directly from the command line. To export all directories listed in /etc/exports, use exportfs -a. If /etc/exports has changed, exportfs -r rereads /etc/exports and changes the state of the directories being exported accordingly. This is like doing rcnfsserver reload. You can export a directory that is not mentioned in /etc/exports by doing something like this:

root@bible: # exportfs -iv -o rw,sync client:/tmp

The -iv option tells...

The showmount command

The command showmount provides information about mounts on an NFS server.

user@client:~> showmount -e bible

This command lists the exports list for the server bible. Typically this will be the contents of /etc/exports, but if changes have been made without editing /etc/exports, using exportfs as described in the previous section, these will be reflected in the output.

root@bible: # exportfs -i -o rw,sync client:/home
user@client:~> showmount -e bible
/test   *
/home   client

In the preceding example, you can see /home, which...

Upgrading an EXT2 filesystem to an EXT3 filesystem

Because EXT2 and EXT3 filesystems share the same internal structure (with the exception of whether or not a journal exists), you can easily convert an existing EXT2 filesystem to an EXT3 filesystem to take advantage of the journaling capabilities of the latter. You may want to do this if you decided to play things safe and created all of your filesystems as EXT2 filesystems when you installed SUSE on your system, or if you are upgrading an older, existing Linux system that uses EXT2 filesystems...

User Authentication

A common requirement is to add user authentication so that only known users within the network can get web access via Squid. The simplest way to do this is to make use of whatever authentication methods are available on the machine where Squid is running, using PAM (Pluggable Authentication Modules). To do this, you need something like the following in the Squid configuration:

auth_param basic program /usr/sbin/pam_auth

This says that you should use PAM for authentication. Whatever authentication method is valid will now...

Using SuSEfirewall2

SUSE includes its own sysconfig-based firewall script called SuSEfirewall2. The SuSEfirewall script has come a long way since its conception many years ago and provides a robust feature set that can be configured through YaST. For new users who need to set up a quick firewall, this is the perfect option. We would have suggested in years gone by that you should write your own firewall script, but if you do not feel the need to be able to control your rules explicitly, SuSEfirewall produces a...

Using Squid as a Transparent Proxy

One of the difficulties in running a web proxy is that each client browser has to be configured to use it. A much neater solution is to force all attempts to access a web site to go through the proxy. This can be achieved quite simply by using iptables firewall rules on the machine where Squid runs. What you want to do is to intercept all outbound packets to external hosts on port 80 (and certain others perhaps) and redirect them to port 3128 on the server. Squid will then do the proxying. So...

Switching runlevels manually

If you wish to switch runlevels, you can use the init or telinit commands, which are located in the /sbin directory on SUSE systems. The telinit command is a symbolic link to the init command. The init command therefore behaves slightly differently when invoked as telinit, taking the -t flag followed by an integer number of seconds. The init command will wait the specified number of seconds before switching to the specified runlevel. The init process is fondly referred to as the grandfather...

Don't panic: Block 8193 is almost always a superblock backup

As an example, the following mount command mounts the partition /dev/hda5 on the directory /mnt as an EXT2 filesystem using the alternate superblock at block address 8193:

mount -t ext2 -o sb=8193 /dev/hda5 /mnt

Although the EXT2 and EXT3 filesystems share the same general organization, the EXT3 filesystem supports various attributes that are specific to its support for journaling. These attributes are stored in the superblock of an EXT3 filesystem. The most interesting of these attributes are those...

Configuring your hardware

When you have read the release notes, click Next and you will be asked to configure your hardware (see Figure 1-30). The YaST installer and the YaST system configuration manager will run the same modules to configure hardware. For now you will configure the video card so that you can use X/KDE/GNOME. Select Change → Graphics Cards, and the Sax2 tool will be loaded to configure all aspects of X Windows, including monitor, graphics card, mouse, and keyboard. The Sax2 tool is a utility written by...

Framebuffer graphics

Any VESA2-compliant graphics adapter is capable of providing framebuffer graphics. Framebuffer graphics provide an abstraction layer for the graphics hardware in your computer system and provide an easy way for X to interact with and control your graphics hardware. If nothing else works, this is your best chance of getting graphics configured, but may negatively affect the performance of your hardware. If you need to use framebuffer graphics, you can specify a graphical resolution at boot time...

Configuring United Linux

The SLOX system's base operating system is the now deprecated UnitedLinux. SUSE, Caldera, and TurboLinux, along with the major vendors, decided that a base, certified Linux distribution was needed so that vendors could certify against it. Since the SCO lawsuit, UnitedLinux has been disbanded, but SUSE has still used the UnitedLinux base as the certified platform for SUSE Linux Enterprise Server (SLES) 8 and SLOX. As SUSE was the distributor that UnitedLinux was written by, this has not impacted...

Setting Up a Web Site with the Apache Web Server

The history of the World Wide Web can find its beginning on two different continents. In Europe in 1990, Tim Berners-Lee put together the pieces of software and hardware that today make the Web what it is, while a few years later, North American programmers at the University of Illinois' National Center for Supercomputing Applications (NCSA) developed and released what became the world's first widely used web client and server software. It is from this, the NCSA HTTPd Web Server, that the...

Using preinstall chroot and postinstall scripts

AutoYaST allows you to include scripts in the XML file (as CDATA sections). The three phases of the installation at which the scripts can be run are: before the installation proper begins (pre-scripts); while the installation system is in memory, but before the first reboot (chroot scripts); and after the first reboot of the system (post-scripts). Using such scripts, which are usually shell scripts, means that essentially anything is possible. For example, during the main part of the installation,...

Listing 20-5 Reverse Zone for 192.168.0.0/24

@ IN SOA ns.intpalmcoder.net. admin.intpalmcoder.net. (

In the reverse zone definition, you can see the first entry in the file has been replaced with the @ symbol. The @ symbol is very important and is interpreted as the zone this file relates to. In the case of a reverse map, the zone is 0.168.192.in-addr.arpa. The in-addr.arpa is a special address that signifies this is an IP address lookup. The zone itself is a reverse of the IP address we are looking for. In much the same way that the...

Understanding Your Linux Network

It encompasses the Internet, wide area networks, metropolitan area networks, local area networks, and any other network type you can think of. In its simplest terms, the network is a source of connectivity between two systems. It could be a proprietary link between two legacy machines, or open protocols all the way with the latest generation of networked enterprise systems, Linux. Regardless of what you think a network is, the likelihood is that you have a fair idea...

Searching files with grep

The grep (global regular expression print) command is a very useful tool for finding stuff in files. It can do much more than even the examples that follow this paragraph indicate. Beyond simply searching for text, it can search for regular expressions. It's a regular expression parser, and regular expressions are a subject for a book in themselves (but were introduced in the section Advanced shell features earlier in this chapter). When using or administering a system, you often need to look...

Extracting Lines from Files

In this section, we look at the slightly more difficult challenges of extracting exactly the lines or parts of lines that you want from a text file, based on certain criteria.

grep

The grep command is the global regular expression printer. What that means is that it can not only search for a particular string in a file and output the lines where that string occurs, but can also search for text that follows a particular pattern and output the matching lines. For example, the pattern could be a single...

Diff and patch

The diff tool compares two files and produces output that describes precisely the difference between the files, containing all the information needed to restore one from the other. In the simplest case, if the two files are identical, the command diff file1 file2 produces no output. The diff command can report the differences between the files in more than one format; here you use diff without options:

user@bible:~> cat file1
red elephant, red wine blue mango red albatross
user@bible:~> cat...

Configuring your network access

If any network interface cards have been detected in the system, you will be asked to configure them for network access (see Figure 1-21). By default, YaST sets the first Ethernet card it finds as your system's primary Ethernet interface and assigns it an address that is configured via the Dynamic Host Configuration Protocol (DHCP). You can find discussions about DHCP servers in Chapter 19. For most people using SUSE in a business environment, a DHCP server may already be running, and an...

As we have already created a group of users, we can tell SLOX that we want just those users to have access to this folder.

[Figure: the SLOX shared folder administration page in a Firefox browser window, offering Delete Set (delete the group or add or remove members), Create Shared Folder (a folder edited by multiple users), Edit Shared Folder (delete and rename a shared folder and manage access permissions), and a user filter field.]

Administrating SLOX

To administrate SLOX, you need to log into the SLOX interface using a web browser. The administrative user who has full control over SLOX is called cyrus. The cyrus user can control users, services, mail spools, and the monitoring of the SLOX system using the administrative interface. To log into your SLOX installation, open a web browser and enter the IP address of the SLOX server.

Note: If you are a clever administrator, you would have entered the IP address of your SLOX installation into your DNS...

Configuring SLOX

When UnitedLinux has been configured, you move on to the SLOX-specific configuration. We will be configuring SLOX as an Internet-facing mail server, talking to an external Domain Name System (DNS) server (Internet lookup capable). With this in mind, we will not configure an internal DNS or Samba server because this is not needed for the operation of the mail server and is very rarely used in an existing network.

Note: If you want to configure a DNS and Samba server, you need to set the...

Setting up a DRBD pair

Before configuring DRBD, make sure it is installed using YaST. By default, the DRBD system is not installed. For more information on installing packages, refer to Chapter 1. To configure the partners, you need to create a single DRBD configuration that is used on both machines, /etc/drbd.conf. A DRBD configuration file needs to contain a resource definition that describes the DRBD devices. This definition will contain the host names of the partners, IP addresses, and the devices you want to keep...

Using Cache Manager

Squid includes a tool, cachemgr.cgi, that is installed at /usr/share/doc/packages/squid/scripts/cachemgr.cgi. If you copy this to /srv/www/cgi-bin, you can then browse to it and view comprehensive information about the state of the squid cache (see Figure 25-4).

[Figure 25-4: the Cache Manager menu for localhost viewed in Konqueror, with entries such as Current Squid Configuration (hidden), Shut Down the Squid Process (hidden), and Toggle offline_mode setting (hidden).]

Setting Up a Web Proxy with Squid

Squid is the most popular open source caching web proxy server. This means that it fetches and holds local copies of pages and images from the web. Client machines requesting these objects obtain them from the Squid proxy server rather than directly. There are several good reasons (and possibly also some bad ones) why people use Squid and other caching web proxies. A web cache on the local network means that objects (web pages, images, and so on) that have already been requested do not need to...

Logging Dropped Packets

When your firewall has been configured to your liking, you will want to log any traffic that has not been explicitly sanctioned by you. To do this, you need a final rule before the packet hits the default policy for the chain that uses a target of LOG. The LOG target interprets the TCP/IP packet and logs it via the syslog facility for you to monitor unauthorized traffic. Just logging raw, unauthorized traffic is quite difficult to manage, and thankfully the LOG target allows you to specify a...

Setting your first rules

Before you touch upon setting more specific rules, you need to set the default policy for the firewall and enable some state rules (see Listing 23-2).

Listing 23-2 Setting Initial Firewall Rules

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Here, you have set the default policy for all chains to DROP the packets. At this moment in time, all...

Setting Up User FTP with vsftpd

Here we assume that you want users with accounts on the system to be able to access their home directories by FTP. Again, please be aware that this could constitute a security risk if the system is available to the Internet, and you should think carefully about whether you want to do it. One common reason why you might want to do this is to set up a system to receive incoming files: you can set up artificial users to own each home directory for each type of incoming file. You can then give the...

YaST's NFS client module

YaST's NFS client module simply writes information to the /etc/fstab file about NFS mounts that you want to be available there (and that you want to be mounted with rcnfs start). You can see an example of the module in Figure 21-1. The YaST NFS client module can be started with the command (as root) yast2 nfs, or yast nfs for the text version. It is available through the YaST Network Services menu.

Figure 21-1 Configuring the NFS client with YaST

rcnfs start and rcnfs stop

On a SUSE system, the operation of the NFS client is treated as a service and has its own startup scripts in /etc/init.d and the related command rcnfs. The commands rcnfs start and rcnfs stop (run as root) start and stop the NFS client service and mount and unmount (if possible) any NFS shares that are included in /etc/fstab. The unmounting fails if the mount point is in use. If the service nfs is not set to start in runlevels 3 and 5, the Network File Systems specified in /etc/fstab will not be...

Adding the zone to named.conf

To add the zone to the BIND server, you need to create a zone reference in named.conf. This defines the zone palmcoder.net, for which this server is the master, with its zone data located in the file /var/lib/named/palmcoder.net. When the zone is defined, you need to reload the DNS server's data:

rcnamed reload
Reloading name server BIND 9    done

Note: When you define a zone, you must specify the type of the zone itself. In this case, we have defined the zone as a master. This means that this zone definition...

The Samba Configuration File

Samba is configured through settings that are stored in a text-format configuration file, which is located in the file /etc/samba/smb.conf on your SUSE system. The huge number of settings available in this file provides an interesting demonstration of the flexibility and power of the Samba software suite. The Samba software suite provides excellent documentation about configuring and using every aspect of Samba. In addition, a number of excellent books are available on Samba and Samba 3 at your...

Bit of Background

The SUSE Linux kernel features built-in connectivity with networked Windows resources by supporting the Windows Server Message Block (SMB) protocol that underlies most native Windows networking mechanisms. The SMB protocol is now considered a part of Microsoft's more general Common Internet File Services (CIFS), but its name lives on in the Samba software suite. Acronyms reign supreme in the network world, most of which are related to the history of various standards and protocols. This is...

Creating a shared mailbox

If you want to create a mailbox that is shared between certain users, use the cm command to create the mailbox and also set the access control list (ACL) for users on the mailbox. For example, if you have three users, justin, roger, and aimee, on the system, and you want them to be able to store and view messages in this folder, but not to be able to delete any, you can look up the access control codes in Table 17-1 and set the ACL on that folder using the sam command (set ACL on folder). Note...

Table 15-1 Output of ifconfig

Link encap: Linux supports not only Ethernet, but other networking devices. This signifies what data link format is used. In this case we are using an Ethernet device.
HWaddr: The hardware address (commonly referred to as the MAC address) of the interface.
inet addr: The IP address of the interface.
inet6 addr: The IPv6 address of the interface.
Scope: The scope of the IPv6 address.
UP: Flag to signify this interface is up, or active.
BROADCAST: This interface will accept broadcast traffic (Ethernet, not IP)....

Perl version

To achieve what we want in Perl, we script the following:

    #!/usr/bin/perl
    use Date::Calc::Object qw(:all);
    # Select the date/time output format used by Date::Calc objects
    Date::Calc->date_format(2);
    open(LOG, "access.log") or die "cannot open access.log: $!";
    while (<LOG>) {
        # Split each log line on whitespace; in the Squid native access.log
        # layout, field 0 is the epoch timestamp, field 2 the client IP,
        # and field 6 the requested URL
        @bits = split(/\s+/);
        if ($bits[2] eq "192.168.2.4") {
            $date = Date::Calc->gmtime($bits[0]);
            print $date, ' ', $bits[6];
            print "\n";
        }
    }
    close(LOG);

Here we define the interpreter to be Perl. The line starting with use again imports the necessary functionality to format the date from the appropriate Perl module, and the next line specifies a particular format for the date time string that...

Shell variables

As a shell script is essentially just a string of shell commands, it understands the current environment variables. For example:

    #!/bin/bash
    echo "Your current directory is $PWD"

Here USER and PWD are the environment variables that are already accessible to the shell representing the current user and the working directory, respectively. If you save this in a file scr1.sh, you have a simple shell script. The first line tells the system that it is to interpret the script using /bin/bash. This line applies if you...

Finding what RPM package owns a file

When a package has been installed, you may need to find out if a file on the system belongs to a package for maintenance purposes. To do this, you need to again query (-q) the database and also find where the file came from (-f), as we do in the following code lines:

bible:/media/dvd/suse/i586 # rpm -qf /usr/X11R6/bin/blackbox
blackbox-0.65.0-306

As you can see by the second line in the preceding example, the RPM database is fully aware that the file /usr/X11R6/bin/blackbox belongs to the Blackbox...

Moving around the text

We have talked about using the cursor to move around the text while in command mode. To speed up your text editing, you can use shortcuts to move quickly to blocks of text, the start and end of a file, and to the start and end of a line of text.

Moving to the start and end of a file

To move to the end of a file (and this applies to quite a few text-based applications in Linux such as man and less), press Shift+g. To move to the start of the file, press g+g. To move around a line of text, you...

Using NTP Time Services

Network Time Protocol (NTP) synchronizes your machine time with a centralized time server of your choosing. Time servers available on the Internet are usually a secondary source to a machine that acts as a central time server. Central or primary time servers are usually linked into an extremely accurate clock mechanism. To specify an NTP time source, select the Network Service icon in the left pane after starting YaST and then select the NTP Client option from the right pane. Selecting the NTP...

Creating and Using Boot and Rescue Floppies

The installation media contain a set of floppy disk images for starting an installation if for some reason you cannot boot from CD. There is also a rescue floppy image. These are in the directory /boot on the DVD or CD1. YaST contains a module for creating floppy disks from these images. It can also write out an arbitrary floppy image to disk. Clearly, this is not useful for a new installation if you do not already have another SUSE system set up, but it may be useful to have a full set of boot,...

Configuring Installation Sources

You are able to install SUSE from a network, CD, or DVD. Installing SUSE using an FTP server and other network-related sources is discussed briefly in Chapter 1. When the system is installed, you can also configure other installation sources for the SUSE packages. This is a common scenario when you have a few SUSE servers that all run from the same installation media. To specify alternate installation sources, select the Software icon after starting YaST, and click the Change Source of...