Redirecting Traffic
What if you want to redirect traffic to a different port on the firewall This is very common when you are setting up a transparent HTTP proxy with something like Squid or another content proxy. A redirection rule does not redirect to an IP, only a port. This makes it a local rule to the firewall only. With this in mind, any redirect rules must have a matching INPUT rule that allows the traffic to be accepted on the redirected port. bible - iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0...
In the example here YaST has created the file etcnamedconf the file etcnamedd forwardersconf and everything under
The YaST DNS Server module is an example of how YaST has evolved to be capable of creating and maintaining relatively complex configurations. Regardless of whether you have a large corporate network or a small home network with an asymmetric digital subscriber line (ADSL), you will probably want to use a DNS server. In the case of a home network with multiple machines, you can make your life a lot easier by configuring a forwarding caching server to speed up your general Internet use, as well...
Sed
Sed is the stream editor that means that you can use it to edit a stream of text (from a file or from the output of a different program) according to rules that you define. In fact, these rules can be very complex and you can do very clever things with sed, but we suggest that for the more complex tasks these days, a modern scripting language (Python, Perl, or Ruby according to taste) may sometimes be a better option. For simple tasks (such as replacing all instances of a string in a file with...
Mount devhda5 mint o notail
Another option that you can specify when mounting a ReiserFS filesystem is to disable journaling. To turn off journaling, add the nolog parameter to the options that you supply to the mount command. At the time of this writing, the Reiser filesystem actually still executes its journaling algorithm internally when this option is specified but simply does not write this data to disk, so this option provides only a slight increase in performance at the potential detriment of reliability should...
Using the vim Initialization File
If you want to customize how vim works, you can add startup commands to the file .vimrc in your home directory. This file is used to set the profile for how vim works for you and is very useful. One popular feature of vim is its syntax highlighting. If you are editing C, or maybe Perl, vim can colorize your text so it is easier to read. Open the .vimrc file (it may not exist, which means you'll have to create it) and add the following to the file It is usually nice to be able to use the...
Copy and Paste in X
Windows users are used to using Ctrl+C and Ctrl+V for copying and pasting between applications. Almost all X applications follow the principle that selecting with the left mouse button copies and clicking with the middle button pastes. This is one reason why you should really make sure that you have a genuine three-button mouse when you run Linux. However, many applications, including KDE applications, also use the Ctrl+C Ctrl+V system. KDE has a clipboard application (klipper) that maintains a...
Setting Up SCPM
SUSE Configuration and Profile Manager (SCPM) is a profile manager for the SUSE system. Profiles allow you to define multiple configurations for the same system and switch between them. This is particularly useful for laptop users who, for example, need different network, proxy, and printer settings at home and at work. We will configure this same environment as a quick introduction to what can be achieved with SCPM. It is an extremely powerful component of the SUSE system that can profile any...
Strictrfc821 envelopes
If you want clients connecting to Postfix to have to strictly use RFC 821 envelope addresses (fully qualified and enclosed in angle brackets), then this option will deny any MAIL FROM RCPT TO non-RFC addresses. J1 rr SHSglf It may be a bad idea to set this because there are many mail servers that are broken W . 'CV-.w s in the sense that they are not fully compliant with the standards set in the RFCs, and so assume they can get away without the angle brackets, and so on.
Finding Files with find and locate
The find command searches the filesystem for files that match a specified pattern. The locate command provides a faster way to find files but depends on a database that it creates and refreshes at regular intervals. The locate command is fast and convenient, but the information it displays may not always be up-to-date this depends on whether its database is up-to-date. To use the locate command, you need to have the package findutils-locate installed. If the package is installed, the database...
Setting Up a Scanner
YaST's scanner module automatically detects and sets up a scanner if it can USB and SCSI scanners are supported, as well as Hewlett-Packard's all-in-one (scanner-printer-fax devices) USB devices and network scan stations. The ancient parallel port scanners are not supported and cannot be configured with this module. In most cases, if a USB or SCSI scanner is detected, YaST sets it up automatically. A few USB scanners require a firmware file to be installed. If this is required, YaST warns you...
Looking at the Configuration of the Running Kernel
Root bible proc zcat config.gz more Automatically generated make config don't edit CONFIG_X86 y CONFIG_MMU y CONFIG_UID16 y CONFIG_EXPERIMENTAL y CONFIG_CLEAN_COMPILE y When you get bored with reading this, type q to quit more. It is instructive to page through this file and look at the various options that refer to the hardware, filesystems, and so on that are to be supported by the kernel. The y at the end of lines means that the support for the relevant item is compiled into the kernel....
Configuring BIND for Caching and Forwarding
After installing the BIND DNS server using YaST, you need to edit its main configuration file etc named.conf. When you are configuring BIND to act as a central DNS server for your home or an organization, it is always a good idea to tap into your Internet service provider's DNS server as a resource to provide you with public DNS lookups. When you rely on another DNS server to go and find your DNS lookups, it is called a forwarder because it literally forwards your DNS lookups to another DNS...
Getting Started with Squid on SUSE
The SUSE installation media contain the Squid installation package first, you need to install this in the usual way using YaST. Squid is included in the YaST installation selection Network Server. For this discussion, we assume that you are setting up Squid on a machine on your network that can connect freely to the outside world. Start Squid with the command rcsquid start. The first time that Squid is started, it creates a hierarchy of cache directories under var cache squid . If you look in...
Setting Up a Samba Server Using YaST
YaST's Samba Server module can be found in the Network Services section of the YaST menus, or can be started using the command yast2 samba-server. 1. As with other Samba modules, the Samba Server module behaves differently according to whether YaST finds a previous configuration already in existence or not. If there is no previous configuration it runs as a wizard asking essential questions until it has the information to create a configuration. If a previous configuration already exists, it...
Completing Installation
Once you have finished with your hardware configuration, click Next. It has been a long road, but you have successfully installed SUSE at this point (see Figure 1-33). Pat yourself on the back if you are new to the world of Linux. Although installing Linux is much easier now than it used to be, you have begun a journey in which you will learn a great deal and join a worldwide community of Linux users whose help and insights (thanks to the Internet) are never far away. V welcome Syiitenttouljiia...
R
V iSM( ii* & . -W , In the early days of Linux, printing was difficult to set up and equally difficult to manage. The print system was known as LPD (line printer daemon). Just as with X configuration, in the early days, at least, grown men wept. I still have bitter memories from 1997 of trying to make sense of the Linux Printing HOWTO and then, when I thought I had cracked it, ending up with a huge stack of paper covered in apparent garbage (raw PostScript code). Fortunately, those days are...
Starting sendmail
Installing sendmail as described in the previous section also installs the sendmail startup script etc init.d sendmail and creates symbolic links that automatically start and stop sendmail at run levels 3 ( etc init.d rc3.d S14sendmail and etc init.d rc3.d K08sendmail, respectively) and 5 ( etc init.d rc5.d S14sendmail and etc init.d rc5.d K08sendmail, respectively). To start sendmail, execute the startup script manually, as in the following example To verify that sendmail is running and its...
IP Addresses
Every machine that takes part in a TCP IP network such as the Internet has an IP address. If you dial up and check your e-mail, you are given an IP address to distinguish you from other machines so that machines you communicate with know how to find you. An IP address is something called a dotted decimal number. We will take a private IP address (which we talk about later in the chapter) of 192.168.0.1 as an example. 192.168.0.1 is a dotted decimal number. The dots split up the number into...
Disk Space Usage
To see how much disk space is being taken up by files in the current directory, you can use the du command (think disk usage). du alone lists the current directory and each subdirectory together with the disk usage. du -h lists the output in human readable'' form (that is in kilobytes, megabytes or gigabytes). du -hs (s for summary) just tells you the total usage under the current directory. To see how much disk space is being used per filesystem, use the command df (think disk full). Often,...
Adding Information
When the LDAP server is up and running, you can populate the server with your information. Some tools available for LDAP help with the initial population of LDAP data, as well as migrating existing users on the system to the LDAP directory. Here, we will populate the server with information using an LDIF (LDAP Data Interchange Format) file. j r - - r PADL (the reverse of LDAP) provides some infrastructure tools that integrate with LDAP, providing a much easier environment for an administrator...
Configuring a Firewall with iptables
To configure a firewall on Linux, you need to get used to the iptables command, which is used to manipulate the kernel packet filtering settings from user space. (Refer to Chapter 6 for more information on TCP IP because an understanding of TCP IP is needed.) f - - r The terms ''user space'' and ''kernel space'' are used a lot in the Unix community. rr when something runs in kernel space, it is under the control and the constraints of the kernel. Something running in kernel space could be a...
Setting Up Desktop Effects
To get desktop effects to work, you need a suitable modern graphics card. Having installed SUSE, the easy way, particularly if you have done a GNOME install, is to run the Gnome Control Center and choose the icon Desktop Effects.'' This will attempt to install an appropriate driver for your card, reconfigure your graphics using sax2 to use that driver, and rewrite your display manager configuration ( etc sysconfig displaymanager), so that GDM or KDM starts the Xgl server rather than X. The...
All group passwd rpc
The network information that was entered in the final stage of the YaST configuration is stored in the file var yp securenets. To set up a NIS server entirely from the command line, use the following steps. 1. To set the NIS domain name, use the following ypdomainname disruptive.org.uk 2. To go through a set of configuration steps to define, run the program usr lib yp ypinit (note that this is not in the path by default, so you need to call it with its full path) 3. At this point, we have to...
Postfix maincf file Example
Queue_directory var spool postfix command_directory usr sbin daemon_directory usr lib postfix unknown_local_recipient_reject_code 550 debug_peer_level 2 debugger_command xxgdb daemon_directory process_name process_id & sleep 5 sendmail_path usr sbin sendmail newaliases_path usr bin newaliases mailq_path usr bin mailq setgid_group maildrop manpage_directory usr share man sample_directory usr share doc packages postfix samples readme_directory mail_spool_directory var mail canonical_maps hash...
Emacs Modes
This is where emacs really comes into its own. emacs provides different sets of key bindings and functions that are automatically associated with different types of files. The set of key bindings and functions for a particular type of file is known as a mode. For example, if you are editing HTML, emacs has a mode for HTML. If you are editing Perl code, emacs has a mode for Perl. In the same way, there are modes for all major programming languages, for shell scripts, for Makefiles, for almost...
Searching Files with grep
The grep (global regular expression print) command is a very useful tool for finding stuff in files. It can do much more than even the examples that follow this paragraph indicate. Beyond simply searching for text, it can search for regular expressions. It's a regular expression parser, and regular expressions are a subject for a book in themselves. When using or administering a system, you often need to look for lines in a file that contain a certain string. In the first example in the list...
The bochs PC Emulator
The bochs project goes back a long way. It is a free (licensed under the GNU LGPL) PC hardware emulator that provides a complete emulation of PC hardware in software. As is the case with QEMU and VMware (see later in the chapter), you can install an operating system into bochs. However, bochs does not offer virtualization of the underlying hardware to the guest. This means that it can be built and run on any Unix-like platform on any hardware architecture, but it also means that it is slow. For...
Runlevel Editor
Throughout the book, we have talked about enabling services at boot time. This is very important when dealing with Unix systems. A mail server would be useless if the server process itself did not start up at boot time. You would have to manually start the mail server every time the system booted, which is inefficient and time-consuming. The Runlevel Editor can be used to turn on and off system services at system boot in different runlevels. To load the Runlevel Editor, start YaST and select...
Virtual Machines Using QEMU
QEMU is an open source hardware emulator. It can emulate an x86 system on x86, but can also both emulate and run on some other architectures. In particular, it can emulate and run on the PowerPC architecture. QEMU packages are included in the SUSE distribution. QEMU is developed by the French genius Fabrice Bellard, and the latest version is always available from http fabrice .bellard.free.fr qemu . You can install most x86 operating systems in QEMU, including most versions of Windows and most...
Configuring sendmail
The primary configuration information for sendmail is stored in the file etc sendmail.cf. Additional configuration information is stored in the directory etc mail. The file etc sendmail.cf is a text file that contains configuration information consisting of name value pairs on separate lines of the file. Most systems that run sendmail create the file etc sendmail.cf from another file, send-mail.mc, which is often stored in the etc mail (Linux systems such as Red Hat) or usr lib mail cf...
Booting Concepts
The term booting comes from the saying Pull yourself up by your bootstraps, which is fundamentally what a machine must do. When power is applied to the processor, it carries out a self-check to make sure it is healthy and jumps to a predefined address in memory called the BIOS (basic input-output system) to load and initialize the system hardware. The BIOS is the piece of code that checks your system memory, initializes hardware, and checks to see if you have a bootable operating system. This...
The Initial Ramdisk
As the system boots, it needs drivers for the disk controllers and the filesystems on the hard disk otherwise, it will not be able to mount the disks. The necessary drivers may not be included in the kernel itself but loaded as drivers. This is not a problem on the running system but can create a chicken and egg'' situation at boot time. This problem is solved by loading the initrd into memory at boot time. (Typically the initrd loaded is whatever is pointed to by the symbolic link boot initrd,...
Printer Configuration
One of the biggest annoyances for Linux users in the past was the configuration of printers. In the Windows world, the addition of a printer is painless, but in Linux it seemed the process was always marred by problems with drivers and configuration options. The Common Unix Printing System (CUPS) print drivers have helped to provide a unified printer architecture for Unix in general, and with distributions such as SUSE providing powerful configuration front ends, printer configuration has...
Mount devsda1 mnt o nosuid
This command mounts the partition dev sda1 on the directory mint and ensures that no programs in that filesystem whose s bit is set will be able to take advantage of that fact to execute as a privileged (or specific other) user. Three final mount options that are generally useful are ro, rw, and remount. When mounting external or remote partitions, you may occasionally want to mount them read-only so that you cannot accidentally change their contents. You would do this by specifying the ro...
ToPDC or Not to PDC
A domain controller is a server that supplies authentication information for a Windows domain. If you want your Samba server to join an existing Windows domain, you probably do not want it to act as a primary domain controller because a primary domain controller will already exist (probably in the form of a Windows server). Starting a second primary domain controller on an existing Windows domain will certainly confuse any Windows systems that are already members of that domain and will...
Sendmail
As mentioned earlier in this chapter, sendmail is the most popular Mail Transfer Agent in use on Linux and Unix systems today, but is not used by default on SUSE systems because its configuration syntax is somewhat cryptic. However, if you are installing a SUSE system in an environment where sendmail is the default MTA, you'd be hard pressed to argue for using a different MTA on your SUSE box. The sendmail program was written by Eric Allman, whose delivermail program was the original ARPANET...
Figure 2821
Installing Windows 2003 as a Xen virtual machine windows Virtual Machine Console < roger-amd64> Configuration Files and Command-Line Tools Each virtual machine has a configuration file in etc xen vm. If you use file-based virtual machines (in other words, the virtual disk is a file), these are stored by default under var lib xen images . The following is an example of a configuration file name opensuse ostype opensuse extra disk vif 'mac 00 16 3e 10 ab 98', vfb 'type vnc,vncunused 1' This...
Apache logrotate Entry for accesslog
var log apache2 access_log compress dateext maxage 365 rotate 99 size +4096k notifempty missingok etc init.d apache2 reload endscript As you can see in Listing 7-8, a given logrotate entry is made up of multiple directives. Each of these directives gives logrotate some instruction as to how to behave toward the log files covered by that particular logrotate entry. Table 7-3 details each of the directives in this file and the actions they inspire. Compress Compress the file when it is rotated....
Adding or Editing Groups
To create or edit groups in your system, select Security and UsersOGroup Management or, from the command line, type yast2 groups. Similar to the User section, you are presented with a list of groups currently on the system (see Figure 9-24). You can select a group from the list and click Edit to change settings for that group, or click Add to create a new group. You can choose to filter the list to show all system groups or local groups only (that is, the groups made up of real human users)....
Dos2unixand unix2dos
DOS and Windows have a different convention for newline characters from Unix and Linux. In DOS, the newline character is a carriage return and a line feed, whereas in Unix it is just a linefeed. What this means is that there can be problems when dealing with files from one system on the other. The programs dos2unix and unix2dos will convert (by default in place) a file from one system of newlines to the other. This will silently overwrite the original file with its Unix-style line endings with...
SUSE Kernels and Vanilla Kernels
Traditionally, the kernels shipped by SUSE and other commercial Linux vendors have always differed from the official kernels (often known as vanilla kernels) that are available from www.kernel.org. Exactly how much difference there has been has varied with time. During the long period when the 2.4 kernel series was the stable kernel and extensive development was being done on the 2.5 series, a large number of 2.5 features were backported into SUSE's 2.4 kernels. The first release of the 2.6...
Strings ghex khexedit and antiword
If you are confronted with a file that the file command doesn't give very useful information about (perhaps it just reports data), it may be worth trying to view it with cat -v, with less, or with a text editor. If all you see is binary junk, you may still be able to find out something useful using the strings command, which searches inside a binary file for text strings and outputs them. The output may give some useful clues. The applications ghex or khexedit may also be useful. These are...
Configuring a DNS Server with YaST
YaST has a DNS Server module, which can be found in the Network Services section of the YaST menus, or can be called from the command line with the command yast2 dns-server. In the example in this section, you set up a simple DNS server using this module. As with YaST's DHCP server module (see Chapter 20), the behavior you see when running this module differs according to whether YaST finds a previously configured setup. If previous configuration files are not found, YaST runs as a wizard the...
Linux Enterprise Hardware The Big Players
We have already alluded to the fact that many of the big technology players are involved with Linux and with bringing Linux into the enterprise. This section surveys some of the major companies and technologies that have placed Linux so firmly in the enterprise space. We have always been big fans of ridiculously expensive hardware that runs Linux, and we think that is true for most ubergeeks (although we would never admit to being them ). The de facto hardware in the industry has to be...
Using chkconfig to Control Runlevels
The command chkconfig is a program that allows you to add and remove services from the runlevel directory of a specific runlevel. If this program did not exist, you could in theory create your own links to move from one runlevel to another for example, in the directory etc init.d rc3.d to etc init.d to make sure a process starts and stops in an order you dictate. The services that you can control with the chkconfig command are all of the scripts in the etc init.d directory. However, on a SUSE...
Xgl and Compiz
Around the time of the original release of SUSE 10.0 and SLED 10, there was considerable interest among Linux desktop circles about the introduction of exciting new features on the desktop. These were the use of Xgl as an alternative to X and a compositing window manager. Put in those terms, this does not sound very interesting, but what you can do with these features is novel and compelling. If you have the right hardware and drivers, you can have extraordinary visual effects on the desktop,...
Using squidGuard
The squidGuard filter can be used with Squid to prevent access to undesirable sites. It is an additional package that you may need to install from the installation media. The maintainers of squidGuard also offer a set of blacklists of pornographic and other undesirable sites that squidGuard reads into a database in memory when it runs. Any requests for URLs in the database will be blocked by Squid. In order to use squidGuard, you need an additional line in etc squid squid.conf redirect_program...
CSV Files
CSV (comma-separated values) is a common format for interchanging data, particularly as an export format from various commercial applications running on Windows. A CSV file consists of a set of lines of text. Each line is broken into fields by a field separator, which is usually the comma, and each field is usually surrounded by quotes. First Name,Second Name,Street Address,City The OpenOffice.org imports a CSV file into its spreadsheet how perfectly it will do this depends on the exact format...
NFS Security Considerations
As with SMB shares, you certainly should not make it available beyond the private network. The lists of allowed client IPs or hostnames in the exports file are no defense against someone who is able to alter a machine's IP address (which, with physical access, in practice means anyone). The problem referred to earlier about UIDs failing to match between server and client means that a user may have the wrong permissions on another user's files on the server,...
Network Address Translation
Network Address Translation (NAT) is a technology that allows you to ''hide'' your private IP network from the Internet. All traffic, whether it is to a web server or a mail server or so forth is seen at its destination as having come from your NAT box. The NAT box then does the reverse translation when the server you are communicating with needs to send you data back and will change the destination IP address to that of your private machine. The web mail server you are communicating with has...
Using the YaSt Dhcp Server Wizard
The first time that YaST's DHCP module is run, it runs as a wizard, asking you for the information it needs to create a valid configuration file. On subsequent occasions, YaST provides a slightly different interface to the same configuration information, which is discussed in the following section. To set up and configure a DHCP server for the first time using YaST, do the following 1. Start YaST's DHCP Server module. First you are asked to select the Ethernet interface or interfaces on which...
Zypper Options
As we noted previously, zypper's options are roughly compatible with those of rug. Here, we repeat the previous example, but using zypper Enabled Refresh Type Alias Name 1 Yes Yes rpm-md openSUSE-10.3-Updates openSUSE-10.3-Updates 2 Yes Yes yast2 openSUSE-10.3-DVD 10.3 openSUSE-10.3-DVD 10.3 root bible root zypper sa server ha-clustering SLES_10 LMB-ha * Adding repository 'LMB-ha' Repository 'LMB-ha' successfully added Enabled Yes Autorefresh Yes URL Now if we list the repositories, we see that...
Boot Loader Configuration
We talked in Chapter 4 about configuring the boot loader of the system using the boot loader configuration files directly. Here we will quickly use YaST to install a new boot option into the GRUB boot loader for the installation of a new Linux kernel. We hope that as you move through this chapter you will see there is more than one way to do things in Linux the easy, the interesting, and the downright hard way. We have concentrated on the easy and the interesting ways throughout the book and...
Adding the Zone to namedconf
To add the zone to the BIND server, you need to create a zone reference in named.conf zone palmcoder.net type master file This defines the zone palmcoder.net, which is the master for this zone and is located in the file var lib named palmicoder.net. When the zone is defined, you need to reload the DNS server's data with rcnamed reload Reloading name server BIND 9 done j r - - r When you define a node, you must specify the type of the zone itself. In this case, , we have defined the zone as a...
Configuration Using YaST
YaST's module for configuring Apache is contained in the package yast2-http-server. The module appears in the YaST menus in the Network Services section labeled HTTP Server. To call the module from the command line, type yast2 http-server. When the Apache packages are installed, a default set of configuration files are also installed. If YaST finds that these have not yet been changed in any way, the module runs in wizard mode to create a customized configuration. Clearly, the number of...
Setting Up User Access
The most common security issue for a web site is the need to password protect a directory or file. To do this, the first step is the creation of a password file. The password file needs to reside somewhere outside of the webspace. For example, if the web site's documents reside at srv www htdocs dir on the filesystem, then the password file needs to reside somewhere outside of that space, such as etc http-passwd. Creating the file is simple just use the htpasswd2 utility that comes with the...
Testing the POP3 Server with Telnet
+OK ready < 2282.1088970620 bible> +OK Password required for justin. pass password +OK justin has 1 visible message (0 hidden) in 544 octets. As you can see, the user justin has one unread mail that is 544 octets in length. You can pass other parameters to Qpopper to extend its functionality. For example, if you want to allow your users to enter their usernames in uppercase or mixed case format, you can add -c to the Qpopper command line in etc xinetd.d qpopper to enable this. Another...
Understanding the Display Environment Variable
As you'll see in the next few sections, the DISPLAY environment variable tells X Window system applications which device they should contact in order to display their output. In most cases, you won't have to set this variable because the default is always your local machine. However, in general, the DISPLAY environment variable is declared using a command such as the following The displayname specification uses the following form When specifying a DISPLAY, hostname specifies the machine on...
The files Macro for logcheck
doc CHANGES CREDITS README* systems linux README* attr(700,root,root) dir etc logcheck attr(600,root,root) config etc logcheck * attr(700,root,root) config etc cron.hourly logcheck attr(755,root,root) usr sbin logcheck.sh attr(755,root,root) usr sbin logtail The entries you want to note in this file are as follows defattr This macro sets the default file permissions for all files installed, unless explicitly stated for each file entry. doc An important files macro entry. It is used to specify...
HELO and EHLO
AHELO is the first part in a handshake (so called because that is how we civilly start a conversation). When an SMTP server receives a HELO from the client, it then responds with the capabilities of the SMTP server itself. As the SMTP grew, more features were added. For backward compatibility, the HELO command responded with the very standard response of what the SMTP server can do. If an SMTP client can understand extended SMTP commands, it can start the conversation with an EHLO (Extended...
The Squid
The main Squid log by default is at var log squid access.log. Exactly what is logged here depends on the options chosen in the configuration file. The options are explained as comments in the standard configuration file shipped with the SUSE package. In particular, if you set in etc squid squid.conf, the format of the log file will change to look more like Apache's access log. The difference can be seen in these two sample entries 1199366332.055 159 192.168.2.111 TCP_MISS 200 768 GET - DIRECT...
Output of chkconfig list with a Customized Runlevel
If you are customizing a runlevel for a specific purpose (again, for Apache in this example), you should choose the runlevel that is closest in principle to what you need to run just for Apache and then customize it to your situation. Because we do not need X Windows, but we do need a multiuser system with networking, we choose runlevel 3 as a default and then customize it down. 'You can also adjust runlevels with YaST's runlevel module (command yast2 runlevel). See Chapter 9 for more details.
DOS Emulation Using dosemu and dosbox
The online openSUSE repositories contain packages for two DOS emulators, dosemu and dosbox. They are similar, except that dosbox is intended as a platform for running DOS games. The dosemu package provided by openSUSE includes a version of FreeDOS, and free software DOS clone. However, it is possible to replace this with MS-DOS or another DOS variant if you want to. After the package is installed, all you need to do to run it is type either dosemu or xdosemu, and you will see a window with a...
Querying RPM Packages
To find out information about an RPM package, you must query the RPM database or the RPM package directly. You do this with the -q command-line option. If you are querying an installed RPM, you just need to use the -q parameter with the query type you want to use. If you need to query an RPM package file directly, you have to add the -p (package) directive. Querying RPMs is a very important part of administrating an RPM-based system because you may need to see what version of the software is...
Postfix Terminology and
The configuration options we just discussed represent only a small amount of what can be done with Postfix. We now talk about how this all works together and what it provides to you as a mail server administrator. Any parameter that starts with an SMTPD controls some part of an incoming SMTP-based connection. Similarly, any parameters starting with SMTP refer to outgoing (to other SMTP servers) connections. Configuring and Securing Your Relay Policy Postfix's relaying policy (allowing users to...
Also do this on the command line using rcSuSEfirewall2 start or rcSuSEfirewal stop
To select the network interfaces that will take part in the firewall configuration, click Interfaces. It is very important that you get this right otherwise, your configuration will be the wrong way 'round and will not work as you expect. In the sample network configuration previously in the chapter, you had eth0 as the internal network interface and ethl as the external public interface, so set that here as well (see Figure 24-5). I In this chapter, we have looked at firewalls on systems with...
Sound and Multimedia Formats
As far as sound is concerned, you can play .mp3, .ogg, and .wav files with a number of different applications, including RealPlayer, Audacious, amaroK, and Banshee. Some versions of openSUSE do not include mp3 support for all these applications by default, in which case you will need to add the mp3 codec to your favorite player manually. However, the RealPlayer application (command realplay) always has built-in mp3 support. As well as playing files from disk, the RealPlayer application plays...
Output of the ifconfig Command
Eth0 Link encap Ethernet HWaddr 00 03 FF 69 68 12 inet addr 192.168.131.70 Bcast 192.168.131.255 Mask 255.255.255.0 i net6 addr fe80 203 ffff fe69 6812 64 Scope Link UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU 1500 Metric 1 RX packets 30256 errors 0 dropped 0 overruns 0 frame 0 TX packets 35690 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 RX bytes 4048565 (3.8 Mb) TX bytes 34473633 (32.8 Mb) Interrupt 11 Base address 0x1080 lo Link encap Local Loopback UP LOOPBACK...
Diskless X Terminals
To act just as a display for programs that are running elsewhere does not require a great deal of physical resources the idea of using legacy hardware just to do this is an interesting one. We won't discuss this in any detail, but interest is growing in a thin-client approach to desktop computing using Linux. In a true thin-client situation, the client machine uses network booting to get its kernel, mounts its directory tree entirely across the network from a server by the Network File System...
Creating a Shared Mailbox
If you want to create a mailbox that is shared between certain users, use the cm command to create the mailbox and also set the access control list (ACL) for users on the mailbox. For example, if you have three users, justin, roger, and aimee, on the system, and you want them to be able to store and view messages in this folder, but not to be able to delete any, you can look up the access control codes in Table 17-1 and set the ACL on that folder using the sam command (set ACL on folder). I' SW...
Using a Windows Printer from Linux
To access a networked Windows printer from your Linux system using Samba, you must have created a printer definition entry for that printer using YaST. You can then print to it as you would to any other local or networked printer. To create a printer definition for a Windows printer after installing and configuring the Samba client software, follow these steps 1. Start YaST's Printer module (from the Hardware menu or using the command yast2 printer). This launches the dialog box shown in Figure...
Running Microsoft Windows Applications with Wine
According to the Wine web site at www.winehq.org Wine officially stands for wine is not an emulator. Wine is an open source implementation of the Windows API on top of X, OpenGL, and Unix. Think of Wine as a compatibility layer for running Windows programs. Wine does not require Microsoft Windows, as it is a completely free alternative implementation of the Windows API consisting of 100 percent non-Microsoft code. However Wine can optionally use native Windows DLLs if they are available. Wine...
User Authentication
A common requirement is to add user authentication so that only known users within the network can get web access via Squid. The simplest way to do this is to make use of whatever authentication methods are available on the machine where Squid is running, using PAM (Pluggable Authentication Modules). To do this, you need something like the following in etc squid squid.conf auth_param basic program usr sbin pam_auth This line says that you should use PAM for authentication Whatever...
Working with the Winbind Daemon
The Winbind daemon, winbindd, enables the Linux name switch service (nsswitch) to retrieve user and group information from a Windows primary domain controller (PDC). This provides a networked authentication mechanism similar to the Network Information System (NIS and NIS+) often used in computing environments that make heavy use of Sun's Network File System (NFS). The Winbind daemon enables Windows users to log in on a Linux machine using the Windows credentials provided by the PDC without...
The Cname Record
To create an alias of a host so that a lookup returns the same IP address, you use a CNAME record. It is an alias for a host name, and we have found it most commonly used to define the address www.hostname.tld when the web server is on the same host as the DNS server. When you have it composed, the zone file can be saved as a standard text file. You then need to add the zone to the named.conf file so that BIND can load and serve the zone to the network.
The CUPS Logs
CUPS logs its activity in three log files var log cups access_log, var log cups page_log, and var log cups error_log. The names are self-explanatory. The file access_log shows access to the CUPS server in a rather similar way to the Apache web server logs. It shows the requesting host name and the date for each access to the CUPS server. The file page_log shows the user and the job name, as well as the number of pages printed. Each page printed shows in the file as a serial number against the...
YaST Modules
The YaST system is split into nine main menus, each one providing a number of modules. i- i j If you want to load a YaST module without loading the main menu, you can enter 'j- .,.',' . yast2 modulename. For a list of modules available in your installed YaST environment, type yast2 -l. Most (but not all) of the module names are fairly self-explanatory. To load the software management module, type yast2 sw.single. Tables 9-1 through 9-9 comprise a list of YaST modules (as seen on an openSUSE...
Framebuffer Graphics
Any VESA2-compliant graphics adapter is capable of providing framebuffer graphics. Framebuffer graphics provide an abstraction layer for the graphics hardware in your computer system and provide an easy way for X to interact with and control your graphics hardware. If nothing else works, this is your best chance of getting graphics configured, but may not take advantage of any specialized features of your hardware. If you need to use framebuffer graphics, you can specify a graphical resolution...
Using SWAT
Samba includes a nice web-based configuration tool called Samba Web Administration Tool (SWAT). This service is controlled by xinetd, and is enabled from YaST by running YaST's inetd module (from the Network Services menu, or yast2 inetd from the command line). Run this module, choose Enable so that xinetd services will be available, select swat in the list, and Toggle Status so that it is switched on (see Figure 18-11). Setting up SWAT in YaST's inetd moduIe Network Service Configuration C&...
Using dig
The dig program replaces the older nslookup application. With dig, you can query specific record types in a DNS zone. To query a specific record type, use the -t option. For example To query the mail exchanger (MX) record of palmcoder.net, use dig -tmxpalmcoder.net. For a name server (NS), use dig -t ns palmcoder.net. For an address record (A), use dig -a www.palmcoder.net. bible dig test.smuvelious.org < < > > DiG 9.3.4 < < > > test.smuvelious.org global options printcmd Got...
Etcinitdrc6d
The directories associated with different runlevels contain both scripts that the init process will execute when entering a runlevel (known as Start scripts) and scripts that it will execute when it leaves a runlevel (known as Kill scripts). Start scripts are scripts whose name begins with an uppercase S. Kill scripts are those whose name begins with an uppercase K. j r - - r When we say enters and leaves with respect to runlevels, we are talking about , changing from one runlevel to another...
Customizing emacs
If you've ever gone to the desk of any emacs aficionado and used emacs there, you've probably noticed that it doesn't seem to work the same way for them as it does on your system. The reason for this is that emacs is the most configurable editor in existence. Not only does emacs provide a rich configuration language for changing the commands that different keys are associated with (known as key bindings), but it also includes a complete implementation of the Lisp programming language that makes...
Testing an MTA from the Command Line
You can test a remote mail server from the command line by using telnet to connect to it on port 25. Suppose you want to test the mail server for the domain disruptive.org.uk. First, you can look up the mail server for that domain with the dig command (see Chapter 21) The relevant part of the output that you get is ANSWER SECTION disruptive.org.uk. 172800 IN MX 10 a.mx.disruptive.org.uk. disruptive.org.uk. 172800 IN MX 20 b.mx.disruptive.org.uk. So the preferred mail server for the domain is...
P
Compiling source, 72-73 defined, 319 extracting files from, 71 -72 installing with YaST, 69 package manager (YaST), 26-28 RPM, 69-71 packets (firewalls) forwarding, 609 -610 logging dropped, 613 -614 packet filters, 600 packets (IP), tracing on networks, 433-434 PADL, 633 page log (CUPS), 536 pager commands, 60 palmcoder.net Zone, 563 PAM. See Pluggable Authentication Modules global (SWAT), 517-518 kernel, at boot time, 725 positional, defined, 401 paravirtualization, defined, 684, 701 Park,...
Creating Users and Groups
You can most simply create a new user using YaST's user module. Start YaST and choose the users and groups option. You might want to create a user with the username guest and the real name Guest User. YaST will create the user according to your instructions and also create a home directory home guest for the new user with a skeleton of configuration files in it. This skeleton is copied from the directory etc skel but has the ownership of the new user (user guest, group users) applied to it once...
Stopping Spam
Spam, or unsolicited commercial e-mail (UCE), is the bane of any Internet user's life, and an administrator is more than aware of how much mail is worthless junk. To combat this, you can use Postfix's UCE controls to limit the amount of spam that travels through your systems. We have already touched upon the restriction of relaying through your mail server, which is part of the problem of spam. Another way to stop spam is by making sure connections to the mail server are true to the RFC SMTP...
Command Line Installation Tools
As noted before, typing yast -i < packagename> will install a package and its dependencies automatically, but it does this by calling YaST, which starts, does the work, and then exits. A genuine command-line interface to package management and dependency and repository handling will be familiar to users of the Debian and Ubuntu distributions in the form of Debian's apt-get command, based around Debian's dpkg package management system and repository infrastructure. In the past, users of...
Psnup and mpage
Although technically off topic for this section, this is a good place to mention psnup and the other PostScript utilities in the psutils package. psnup can take a PostScript file and create a new file with multiple pages per physical page. If you want to save trees and toner, this is something you may often want to do. For example puts four pages of file.ps per physical page in the output file. For reasons known only to SUSE, SUSE distributions do not ship with mpage, which does what psnup...
Extracting Files from Packages
An easy way to extract files from packages is with mc midnight commander , a text-based file manager that has the nice feature that explores inside various types of archives and packages, including RPM packages. So if you start mc in a directory in which there is an RPM package, as shown in Figure 2-1, you can examine the package using mc, as shown in Figure 2-2, and copy or read a text file from within mc. r -,. r - - The mc file manager is also discussed in Chapter 13. V me - -fteltwirefmpape...
Userclient rpcinfo p bible
If you don't see entries for nfs and mountd in this listing, then something is seriously wrong perhaps the NFS server has not registered itself with the portmapper. Try stopping the NFS server, the portmap service, and the network, and then starting them in the reverse order.
Vsftpd as an Anonymous FTP Server
An FTP server is most commonly used as a server for anonymous downloads. We look at this setup first. An anonymous FTP server is a server that allows anyone to log in with one of the two standard usernames ftp or anonymous and download files. If you use a browser to access an anonymous FTP site, the browser passes the login information to the site without the user having to think about it. User FTP, which we consider later, refers to an FTP server on which specified users have accounts that...
Using the CUPS Web Interface
The CUPS web interface can be viewed from a browser using port 631 see Figure 19-8 . By default, SUSE's settings allow only administrative changes through the browser interface when connecting from the local machine. This can be changed in the cupsd.conf file, but for now we will look at administering the server from a browser running on itself. So from the local machine, you need to browse to http localhost 631. Some of the functions that are available simply provide information. Others can...
The CUPS Command Line Tools and Configuration Files
CUPS also provides a set of command-line tools that can do all the administration that the web interface allows. These are the commands provided by the cups-client package. In particular, the lpinfo, lpadmin, and lpoptions commands provide the functionality that the web interface provides, but from the command line. In general, to avoid problems, you should use the available tools in the following order of preference The YaST printer module for basic setup The CUPS command-line tools In other...
Squid Log Reader Scripting Example
The Squid web proxy produces a log file that is not very readable. There are plenty of tools out there that turn the output of the Squid log into other formats including nice web output, but we wanted something simpler just to be able to quickly look at the sites visited and the dates and times by a particular client on the network 192.168.2.4 . The Squid log contains entries like these 1058269843.343 54782 192.168.2.4 TCP_MISS 000 0 POST -DIRECT journeyplanner.tfl.gov.uk - 1058269847.816 40315...
Putting It All Together
We have talked about many technical aspects of Linux in the book, and this chapter has been included for two reasons to help you see where Linux fits in with the enterprise, and to help you see where the components we have talked about fit into a typical organization. The final part of this chapter deals with the best practices we have come across for Linux in the enterprise. A typical organization's IT infrastructure relies heavily on three things file and print services, e-mail, and user...
Troubleshooting DHCP Clients
Most of the problems that you may see in DHCP environments are related to DHCP clients that somehow retrieve erroneous information from a DHCP server. This is almost always the result of people starting DHCP servers on other systems that either serve the same range of IP addresses as your DHCP server or serve an entirely different set of IP addresses. If a DHCP client on your system retrieves an IP address that is in the same range as those delivered by your DHCP server but any other aspect of...
Starting and Stopping DHCP Clients
To be able to use DHCP, your client machines must know how to actually send DHCP requests to the network for configuration. In SUSE, you can use the Network Configuration of YaST Network Devices O Network Card to configure a network interface to use DHCP. Another useful way to send a DHCP request is with ifup-dhcp and ifdown-dhcp. If you are using a wireless network, or you want to bring up a network interface temporarily using DHCP, then you can use the ifup-dhcp command Starting DHCP Client...
Troubleshooting DHCP Servers
If clients cannot contact the DHCP server, the dhcping utility that is part of the dhcp-tools package may be useful. Here is an example of how this is used dhcping -h 00 15 C5 0C 2F 5A -c 192.168.1.66 -s 192.168.1.254 Got answer from 192.168.1.254 Roughly this means Is the server -s 192.168.1.254 willing to provide the address 192.168.1.66 to the client -c with hardware address -h 00 15 C5 0C 2F 5A In this case, the reply was affirmative. For more details of how to use this tool, see the man...
Viewing the ARP Cache
Address HWtype HWaddress Flags Mask Iface 192.168.0.1 ether 00 00 0F 00 00 01 C eth0 192.168.0.233 ether 00 00 0F 00 00 02 C eth0 Here, you have told arp to not resolve machine addresses as this will slow down the operation. Most network-based operations can use the -n parameter to stop host name lookups. i- i , If you want to remove an entry from the ARP cache if the machine is taken A-j '3 . 'CV-.w-j down and another machine has the IP address associated with a stale hardware address , you...
