THIS IS MOSTLY JUST A COMPILATION OF STUFF I GOT OFF THE INTERNET.

------------------------------
Kernel compile ......
------------------------------
tar xjvf linux-.
cp -R linux-. /usr/src
cd /usr/src
rm linux
ln -s linux-. linux
cd linux
make mrproper
make gconfig (xconfig)
make bzImage
make modules
make modules_install
make install (or below)
# pwd
#/usr/src/linux-2.6.0-test4
# mv arch/i386/boot/bzImage /boot/bzImage-2.6.0-test4
# mv System.map /boot/System.map-2.6.0-test4
# cd /boot
# rm System.map
# ln -s System.map-2.6.0-test4 System.map
#add link to grub.conf

---------------------------------
Common "package" commands ......
---------------------------------
rpm -ihv sfaljfsald.rpm
tar -xzvf lasfdjlafdsj.tar.gz
tar -xvf alsdfj.tar
tar -xjvf alklfdsaj.tar.bz2
unrar x asdldlsfakjfsd.rar
7za x blah.7z
bchunk BIN CUE NAME
vcdxrip -b BIN -o OUTPUT
mount -t iso9660 /home/sancho/downloads/reactos.iso /mnt/disk/ -o loop

-----------------------------
CD Burning/Ripping/Mastering
-----------------------------
BINs and CUEs
> # cdrdao write --device /dev/hdc image.cue
VCD from MPEG
> vcdxbuild
> # cdrdao write --device /dev/hdc image.cue
ISOs
> cdrecord dev=/dev/hdc isoimage.iso
Making an iso-image from an existing cd
> # dd if=/dev/hdc of=/home/user/isoimage.iso
Make an ISO out of a folder
> # mkisofs -J -R -o isoimage.iso ~/folder

------------------------------
Wireless using NDISWRAPPER
------------------------------
Download the cvs ndiswrapper to a directory called ndiswrapper
If you have installed a previous ndiswrapper, uninstall it by running "make clean" in that directory
I created a file in "/etc/sysconfig/network-scripts/" called ifcfg-wlan0 and this is what it contains
DEVICE=wlan0
BOOTPROTO=dhcp
ONBOOT=no
MODE=Managed
ESSID=any
Basically I want dhcp to automatically detect and configure wlan0.
Go to the ndiswrapper directory as root and somewhat follow the instructions
# make install
# ndiswrapper -i /etc/ndiswrapper/bcmwl5/bcmwl5.inf <-- windows driver
# ndiswrapper -l
# modprobe ndiswrapper
# dmesg -- you will see a log about the driver being loaded if you do
# ndiswrapper -m
# iwconfig -- to make sure your device is recognized
and finally
# ifup wlan0

--------------------------
Disable ACPI
--------------------------
at install prompt
linux acpi=off nolapic noapic

---------------------------------------------------
X Forwarding. Running a graphical app over SSH
---------------------------------------------------
The client has to run an X server.
ssh -X -Y username@server
graphical app name.

--------------------
VNC
--------------------
VNC server
vncserver :1 -geometry 800x600 (start manually or add to startup script)
client
serverip:1

X11VNC
http://www.karlrunge.com/x11vnc
download and install. exports current display to vnc server.
x11vnc
x11vnc stop

How can I use x11vnc to connect to an X login screen like xdm, GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X session yet).

Continuously. Have x11vnc reattach each time the X server is restarted (i.e. after each logout):

To make x11vnc always attached to the X server (please consider the security implications of this!) including the login screen you will need to add a command to the display manager startup script.

The name of the script file depends on desktop used and seems to be:
GNOME   /etc/X11/gdm/PreSession/Default
KDE     /etc/kde*/kdm/Xsetup
XDM     /etc/X11/xdm/Xsetup
CDE     /etc/dt/config/Xsetup
although the exact location can depend on operating system and distribution. See the documentation for your display manager: gdm(1), kdm(1), xdm(1), dtlogin(1) for additional details. The above Dtlogin*grabServer:False step will be needed for dtlogin here as well. There may also be display number specific scripts: e.g. Xsetup_0 vs. Xsetup.
In any event, the line you will add to the script will look something like:
/usr/local/bin/x11vnc -rfbauth /path/to/my/vnc/passwd -forever -bg
where you should customize the exact command to your needs.

You may want to redirect the x11vnc output to a separate log file for debugging. In that case replace the -bg above with something like:
1>> /var/tmp/x11vnc.log 2>&1 &
(or use the "-o logfile" option).

If you do not want to deal with the display manager startup scripts, here is a kludgey script that can be run manually or out of a boot file like rc.local: x11vnc_loop. It will need some local customization before running. Because the XAUTHORITY auth file must be guessed by this script, use of the display manager script above is preferred.

/usr/local/bin/x11vnc -forever -bg -scale 2/3 -shared

VNC SERVER ON FRESH MDK OR FEDORA
http://faq.gotomyvnc.com/fom-serve/cache/1.html
vim /etc/sysconfig/vncservers
change commented out thing to 1:username_to_export
su that user if you are not them
start vncserver
vncserver :1
set password
stop vncserver
vncserver -kill :1
test server script
/etc/init.d/vncserver start/stop
if it works set service to start at boot using fedora or mdk service manager.
# Edit ~/.vnc/xstartup
# For KDE, replace "twm &" with "startkde &"
# For Gnome, replace "twm &" with "exec gnome-session &"
# Kill any existing VNC servers with "vncserver -kill :xxx" where xxx is the display number.
# Start a new server
connect using vncviewer ipaddress:1 or whatever you choose to export

----------------
QUOTAS
----------------
[root@bigboy tmp]# init 1

Edit Your /etc/fstab File
Old fstab
LABEL=/home /home ext3 defaults 1 2
New fstab
LABEL=/home /home ext3 defaults,usrquota 1 2

Remount The Filesystem
[root@bigboy tmp]# mount -o remount /home

Create The Partition Quota Configuration Files
[root@bigboy tmp]# touch /home/aquota.user
[root@bigboy tmp]# chmod 600 /home/aquota.user

Make Linux Read The Quota Config File
[root@bigboy tmp]# quotacheck -vagum

Edit The User's Quota Information
[root@bigboy tmp]# edquota -u mp3user

Blocks: The amount of space in 1K blocks the user is currently using.
Inodes: The number of files the user is currently using.
Soft Limit: The maximum blocks/inodes a quota user may have on a partition. The role of a soft limit changes if grace periods are used. When this occurs, the user is only warned that their soft limit has been exceeded. When the grace period expires, the user is barred from using additional disk space or files. When set to zero, limits are disabled.
Hard Limit: The maximum blocks/inodes a quota user may have on a partition when a grace period is set. Users may exceed a soft limit, but they can never exceed their hard limit.

Return to your original run state by using either the "init 3" or "init 5" commands.

Linux doesn't check quota usage each time a file is opened; you have to force it to process the aquota.user and aquota.group files periodically with the quotacheck command. You can set up a cron job.

[root@bigboy tmp]# edquota -t
Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
Filesystem    Block grace period    Inode grace period
/dev/hda3     7days                 7days

[root@bigboy tmp]# repquota /home
*** Report for user quotas on device /dev/hda3

------------------------------
INSTALLING NVIDIA DRIVER
------------------------------
sh NVI......
or
sh NV.....
-k (kernel name)
kernel and module must both be built by same version of GCC

------------------------------
MOUNTING
------------------------------
MOUNTING SMB
mount -t smbfs -o username=Administrator,password= //winsrv/Storage\ \(D\) /mnt/smb/winsrv/
sudo mount -t cifs -o username=DOMAIN\\user //testserver1/ramdrive /mnt/test/
mount -t cifs -o user=DOMAIN\\user //testserver2/share /mnt/smb/

FORCE UNMOUNT
fuser /mnt/cdrom - force unmount

MOUNTING NFS
mount 192.168.1.123:/backup -o user,tcp,rw,rsize=16384,wsize=16384 /mnt/nfs/backups

MOUNTING USB FLASH
su
modprobe usb-storage
mkdir /mnt/usbdrive
mount /dev/sda /mnt/usbdrive

--------------------------
HDPARM OPTIMAL SETTINGS
---------------------------
hdparm -c 1 -B 255 -k 1 -M 254 -p 4 -d 1 /dev/hda

--------------------------
GREP / FIND Basics
--------------------------
GREPPING FILES FOR STUFF
grep -i ".*Accept*." /var/log/syslog | less

FINDING A FILE
find / -iname "*Accept*"
find / -mount -iname "*Accept*"

-----------------------------------------------
ALLOW ROOT AND OTHER USERS TO ACCESS X APPS
-----------------------------------------------
xhost +
su
do normal stuff

------------------------
SET DATE AND TIME
------------------------
date MMDDhhmm
date 09262311

------------------------------
CHANGE FLUXBOX BACKGROUND
------------------------------
fbsetbg -C /usr/share/wallpapers/3d_659.jpg

-----------------------
DISTRO PACKAGE MANAGERS
-----------------------
Slackware:
linuxpackages.net
pkg
pkg -i = install
pkg -u = upgrade
pkg -r = remove
installpkg
removepkg
pkgtool
gslapt
slapt-get
slapt-gui

Debian:
add sources to /etc/apt/sources.list
apt-get update
apt-get install
apt-get remove
apt-get upgrade
apt-get dist-upgrade
manual -- dpkg --install packagename
from rpm: alien -di rpm
aptitude
synaptic

Source:
tar -xzvf filename
cd to directory
./configure
make
make install

RPM:
rpm -ihv = install
rpm -Uhv = upgrade
rpm -e = remove
synaptic / yast (if suse)

Mandrake:
urpmi package = install
urpme package = delete
urpmq package = gets info

RH:
synaptic
yum
add sources to yum.conf
yum check-update
yum update
yum install
yum search
yum provides so?
yum remove
yum info

-------------------------------------
BLACKLISTING IPS USING IPTABLES
--------------------------------------
iptables -A INPUT -s BAD_IP -j DROP   - to add to end of ruleset
iptables -I INPUT -s BAD_IP -j DROP   - to add to top of ruleset

script
---
#!/bin/bash
# Append a DROP rule for every address listed in badips.txt
if [ -f badips.txt ]
then
    for BAD_IP in $(cat badips.txt)
    do
        iptables -A INPUT -s "$BAD_IP" -j DROP
    done
else
    echo "Can't read badips.txt"
fi
---
add bad ips to file. run script at startup. rc.local.

-----------------------------------
RSYNCING A WEBSITE. MIRRORING
------------------------------------
http://www.howtoforge.com/mirroring_with_rsync

--Mirror - test rsync
rsync -avz -e ssh someuser@server1.example.com:/var/www/ /var/www/
source destination.

--Create key on mirror (RSA here: ssh-keygen only accepts 1024-bit DSA keys, so "-t dsa -b 2048" fails)
mkdir /root/rsync
ssh-keygen -t rsa -b 2048 -f /root/rsync/mirror-rsync-key

--Copy key to main server
scp /root/rsync/mirror-rsync-key.pub someuser@server1.example.com:/home/someuser/

--Server add key to authorized keys (as owner of the home dir)
mkdir ~/.ssh
chmod 700 ~/.ssh
mv ~/mirror-rsync-key.pub ~/.ssh/
cd ~/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat mirror-rsync-key.pub >> authorized_keys

rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/* /var/www/

--Add this stuff to a cron job on the mirror. Test the cron job. Test the mirrored site.

Any php scripts that don't work...copy their setup files outside of the webroot and modify them so they will work on the mirror server. Should only be one or two vars from one or two files from each script. Set up a 2nd cron job on the mirror server that will cp -f these files over top of the rsynced ones (this will create some upgrade issues.) Make sure that all files on the mirror are owned by webserver. chown -Rf apache:apache.
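
An added example, not part of these notes or the howtoforge article: the mirror key is used unattended from cron, so as installed above it can open a full shell as someuser on server1. The wrapper below, set as a forced command for that key, lets it run only the read-only rsync pull of /var/www/. The script path, MIRROR_IP and the exact server-side rsync command line (it differs between rsync versions) are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the mirror key on server1.
# Install with an authorized_keys entry like this (one line; MIRROR_IP and
# the script path are placeholders):
#   from="MIRROR_IP",command="/home/someuser/checkrsync",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <contents of mirror-rsync-key.pub>

# allowed_rsync_command CMD -> 0 only for a read-only pull of /var/www/.
allowed_rsync_command() {
    case $1 in
        *[!A-Za-z0-9\ ./*_-]*) return 1 ;;   # anything outside the whitelist
    esac
    set -f            # split into words without expanding the trailing *
    set -- $1
    set +f
    [ "$#" -ge 5 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    while [ "$#" -gt 0 ]; do
        case $1 in
            --*) return 1 ;;   # no long options (e.g. --remove-source-files)
            -*)  shift ;;      # short option bundle such as -vlogDtprze.iLsfxC
            *)   break ;;
        esac
    done
    [ "$#" -eq 2 ] && [ "$1" = . ] || return 1
    case $2 in
        /var/www/|'/var/www/*') return 0 ;;
    esac
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND     # unquoted on purpose: split into argv
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Run the mirror's rsync once with the wrapper logging SSH_ORIGINAL_COMMAND to see the exact string your rsync version sends, then adjust the accepted paths to match.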
MySQL backups add more fun to the mix. Need a cron job script on the server and on the mirror. Make sure the mysql dump script runs on the server before the rsync command runs on the mirror. Also make sure you add another cron job to delete the dumped file.

--MYSQL WORKAROUND: create an account with the same username and password combo on the mirror. If the server doesn't use 127.0.0.1 as the mysql server, add an entry to the /etc/hosts file for the domain and 127.0.0.1 on the mirror.

---------------------------
RSYNC TIDBITS
---------------------------
exclude and using a key
rsync -avvvvz --exclude="*downloads*" --exclude="*music*" -e "ssh -i /home/dminnich/.ssh/home_server" /data/personal dminnich@192.168.1.11:/storage/documents/work/

using a key and keeping acls, perms, etc.
rsync -vaHxAXE --progress -e "ssh -i /root/.ssh/key" root@192.168.1.11:/md2/lv15/ /md2/lv29/

-----------------
RPM REPO NOTES
-----------------
List keys the OS knows about:
gpg -K
Checking package signatures:
rpm -Kvv ./*rpm
Resign rpms:
rpm --resign ./*rpm
Check again. All things above must match.
Create the repo:
--[root@server centos-5]# pwd
--/root/centos-5
--[root@server centos-5]# ls
--i386 srpms x86_64
/usr/share/createrepo/bin/createrepo x86_64/

-----------------
NETCAT
-----------------
Copying:
in DESTINATION directory: nc -l -p 33333 | tar -xvf -
in one level above SOURCE directory: tar -cvf - foldertocp/ | nc 192.168.1.11 33333
Port scan:
nc -v -w 1 localhost -z 1-3000
Fake web server:
while true; do nc -l -p 80 -q 1 < error.html; done

-------------------
IPTABLES RULE LIST
-------------------
iptables -L --verbose --numeric

----------------------
LDAP COMMANDS
----------------------
ADD AN ENTRY FROM A FILE
ldapadd -W -x -D "cn=Manager,dc=dept,dc=org,dc=com" -f newrec.ldif
show all entries
ldapsearch -x -b 'dc=dept,dc=org,dc=com' 'objectclass=*'
search for an entry
ldapsearch -x -b 'dc=dept,dc=org,dc=com' 'cn=Dustin Minnich'
DELETE AN ENTRY.
LAST PART NEEDS TO BE FULL DN
ldapdelete -W -x -v -D 'cn=Manager,dc=dept,dc=org,dc=com' 'uid=dminnich,ou=People,dc=dept,dc=org,dc=com'

--------------------------------------
BOOT DRIVE CLEANUP
--------------------------------------
find ./* -iname "*2.6.9-42*" | xargs rm -f

-----------------------------------------
RDIFF Fixing
-----------------------------------------
AS BACKUP ACCOUNT
COMMENT OUT CRONTAB BACKUP
see if it's running....
ps aux | grep rdiff
see if it fixed itself...
rdiff-backup -l /destination/
revert back....
rdiff-backup -v 7 --check-destination-dir /destination/
manual backup....
rdiff-backup -v7 --print-statistics --exclude-globbing-filelist sourceserver-exclude.fileglobs root@sourceserver::/ /destination/
rdiff-backup --list-increments /destination/

--------------------------------------
PORTS THAT APPLICATIONS HAVE OPEN
--------------------------------------
lsof -i -nP

--------------------------------------
GOOD QUICK NMAP SCAN
---------------------------------------
nmap -sS -sU -v -v -O -g 80 192.168.1.111 > /tmp/192.168.1.111
nmap -sP 192.168.1.0/24

---------------------------------------
CLAMAV SCAN COMMAND
---------------------------------------
clamscan --verbose --log=/root/clamscan.log --tempdir=/tmp --exclude-dir=/nfs --exclude-dir=/mnt --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/dev --exclude-dir=/home --recursive=yes --infected --detect-pua=yes --detect-structured=yes --structured-ssn-format=2 --scan-mail=yes /
egrep -v Scanning /root/clamscan.log

--------------------------
GREP SHOW NO COMMENTS
---------------------------
grep -Ev "^$|^#" /etc/my.cnf

----------------------------------------------------
TUNE2FS TWEAKS DISABLE FSCK DISABLE ROOT RESERVE
----------------------------------------------------
tune2fs -c 0 -i 0 -m 1 /dev/partition
REMOVE ROOT RESERVE
tune2fs -m 0 /dev/partition

-----------------------------------------
GLOBBING AND DOT(.) FILES
-----------------------------------------
tar -cvf ../config_files_server.tar * .??*

-------------------------------------------
GMAIL FETCHMAILRC
-------------------------------------------
poll imap.gmail.com with proto IMAP
user 'your.account@gmail.com' there with password 'yourpassword' is linuxmachineaccount here
options fetchall keep ssl sslcertck sslcertpath /home/sancho/.certs/
folders "[Gmail]/All Mail"

-------------------------------------------
MDADM AND LVM COMMANDS
-------------------------------------------
mdadm --create --verbose /dev/md4 --level=0 --raid-devices=2 /dev/sda1 /dev/sdb1
cat /proc/mdstat
mdadm /dev/md0 --fail /dev/sda1 --remove /dev/sda1
mdadm /dev/md0 --add /dev/sda1
pvscan
pvcreate /dev/md0
pvdisplay
vgscan
vgcreate Volume00 /dev/md0
vgdisplay
lvscan
lvcreate -L10G -n LogVol01 Volume00
lvdisplay
lvremove /dev/Volume00/LogVol05
umount /md0/lv00
lvextend -L+5G /dev/Volume00/LogVol00
fsck.ext3 -f /dev/Volume00/LogVol00
resize2fs /dev/Volume00/LogVol00
mount /md0/lv00
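
An added example for the BLACKLISTING IPS USING IPTABLES script earlier in these notes (not part of the original notes): that loop passes every whitespace-separated word in badips.txt to iptables, so a typo, a stray option or an entry like 0.0.0.0/0 changes the ruleset in ways nobody intended. This version accepts only single IPv4 host addresses (an assumption; widen it if you block networks on purpose), drops duplicates and prints the commands as a dry run. The sample list is constructed.

```shell
#!/bin/sh
# Added example: validate badips.txt entries before they reach iptables.

# valid_ipv4 ADDR -> 0 if ADDR is a single dotted-quad host address.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blacklist_rules: entries on stdin -> one iptables command per unique
# valid address on stdout; rejected entries are reported on stderr.
blacklist_rules() {
    seen=' '
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if ! valid_ipv4 "$entry"; then
            echo "skipping invalid entry: $entry" >&2
            continue
        fi
        case $seen in *" $entry "*) continue ;; esac
        seen="$seen$entry "
        echo "iptables -A INPUT -s $entry -j DROP"
    done
    return 0
}

# Constructed sample list (documentation addresses, not real indicators).
sample_badips() {
    cat <<'EOF'
# blocked hosts
203.0.113.7
203.0.113.7
198.51.100.23   # repeated login failures
0.0.0.0/0
192.0.2.300
-j ACCEPT
EOF
}

# Dry run: print the commands; pipe to "sh" as root to apply them.
sample_badips | blacklist_rules
```

To use it with the real list, run `blacklist_rules < badips.txt` and review the output before applying it.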