Linux Made Easy

What is SMF and how it works

2009-08-07T03:37:00.001-07:00

What is SMF and how it works

Traditionally unix operating systems included set of services, program which listens and respond to request to perform some tasks. For example network,sshd, webserver etc.

Most of unix platforms support rc.d structure to start, stop and to manage it.
But Solaris 10 has implemented new unified feature called Service Management(SMF), still they support rc.d for compatibilty but I think in future they put all services under SMF.

So how SMF is different from traditional rc.d:
SMF is of self healing, it provides automatic recovery from software and hardware failures.
You can get more information about one service, like its dependencies, log locaton etc.
Provides information about misconfiguration so You can identify the reason of failure.

TO manage SMF you can use below commands:

svcs -a -- List of services installed on system
svcs -l -- To get more information
svcadm enable -- To start the service
svcadm disable -- To disable the service
svcs -x -- More information about failure

So when you give command svcs -a, you will realize some weird service names like this

svc:/system/cron:default

This is called Fault Managed Resource identifier(FMRI), it used to identify system objects.

So if you want to stop or restart this service, you can use

svcadm disable svc:/system/cron:default
svcadm refresh svc:/system/cron:default

Using screen on Linux ...Experience Remote Assistance in CLI

2008-09-11T06:45:00.000-07:00

Below are the steps to attach two Linux shell sessions with screen.
Its like Remote Assistance in CLI.

1. Open two terminals with same login.

2. Run ps on both terminals.

3. Run screen -S on 1st terminal.

4. Run cd /var/run/screen/S-; ls on 2nd terminal.

5. Look for 1st terminal's bash PID entry.

6. Run screen -x on 2nd terminal.

Shell script to monitor ur lab machines

2008-06-12T03:30:00.000-07:00

Hello PPL,

After long time I addin new post. Below is the shell script using this can monitor server n their uptime.

[
#!/bin/bash

# add ip / hostname separated by while space
HOSTS="172.30.0.62 172.30.0.41 solaris netra1 172.30.0.76 172.30.0.114 aix"

# no ping request
COUNT=1

# email report when
SUBJECT="Ping failed"
EMAILID1="jack@knowlinux.com"
for myHost in $HOSTS
do
count=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
if [ $count -eq 0 ]; then
# 100% failed
echo "$myHost is not reachable"
echo "Host : $myHost is down (ping failed) at $(date)" | mail -s "$SUBJECT" $EMAILID1 $EMAILID2 $EMAILID3
fi
done
]

shell script using expect for cvs automation

2006-12-27T20:56:00.000-08:00

Hello PPL,

I always have to check the cvs status using cvs status command, so I tried to automate these things using expect

Expect is a tool for automating interactive
applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect really
makes this stuff trivial. Expect is also useful for testing these same
applications. And by adding Tk, you can also wrap interactive applications in
X11 GUIs.
Home page http://expect.nist.gov/

#!/bin/bash

status=$(expect -c "spawn cvs -z9 -d :ext:blog@cvshostname:/path/cvsroot status
expect {password: { send \"password\r\"; exp_continue }
}
exit
")
echo ""
echo "$cvsstatus" > cvsstatus.txt

###continue your shell script after here####

####exit from script#######

Same you can use with ssh, telnet or ftp.
Let me know if some one have better thing with expect package because I am also new with scripting and expect :(

Thanks

what is superblock and how to recover it

2006-10-18T22:23:00.000-07:00

Hello EB,

The scope of this article not covers about the basic things about file system, but its about troubleshooting of currupt file system.
So, when you create file system on hard drive it will sub devided into multiple file system blocks.
Blocks are used for -
1. To store user data
2. Some blocks used for to store file system's metadata.
(Metadata is kind of structure of your file system and it contents superblock, indoes and directories)

Superblock - Each of your filesystem has a superblock. File system like ext2. ext3 etc. Superblock contents the information about file system like -
* File system type
* Size
* Status
* Information about other metadata

Now you will guess that how important is superblock for your filesystem, if that is that currupt then you may not able to use that partition or may you will error while tring to mount that filesystem.
Following are some errors when superblock get currupts or some bad sectors
- You cant able to mount the filesystem, it will refuse to mount
- Filesystem gets hang
- Sometimes though you are able to mount that filesystem, but strange behavior occures.

These kind of errors occures because of bunch reasons. Most of the time fsck works fine for these errors -
$e2fsck -f /dev/hda3

(-f option for forcefully checking even filesystem seems clean)

Now fsck doesnt work because of lost of superblock, what you will do??
Note that Linux maintains multiple redundant copies of the superblock in every filesystem. You can find out this information with this following command -
$dumpe2fs /dev/hda6 grep -i superblock
dumpe2fs 1.32 (09-Nov-2002)
Primary superblock at 1, Group descriptors at 2-2
Backup superblock at 8193, Group descriptors at 8194-8194
Backup superblock at 24577, Group descriptors at 24578-24578
Backup superblock at 40961, Group descriptors at 40962-40962
Backup superblock at 57345, Group descriptors at 57346-57346
Backup superblock at 73729, Group descriptors at 73730-73730

To repair file system by alternative superblock
$e2fsck -f -b 8193 /dev/hda6

(Take backup using dd before doing running commands)

If you are using Sun Solaris, as My experience frequent power failure can get you hell :-( . I am using old sparc and one time in month I have run fsck using commands as per my last blog. So if your Sun Solaris lost the superblock then boot from cdrom or network, to retrive information about your filesystem's superblock give following command -
$newfs -N /dev/rdsk/devicename

Now use alternative superblock
$fsck -F ufs -o b=block-number /dev/rdsk/devicename

okie guys, hope this information helps somebody.

smb partition mounting using mount command

2006-10-17T06:13:00.000-07:00

Hello EB,

Here is the useful commands when you want to browse the smb shared files using user name, password and even you can specify specific domain -

smbclient -W domain -L smbhost(IP) -U vishalh
mount -t smbfs -o username=amolk,password,workgroup=domain //smbhost(IP)/share /mnt

Sun Solaris - Solution for fsck error at boot time

2006-10-04T22:57:00.000-07:00

Hello EB,

Most of time we get some problems with Sun solaris machines at boot time, generally it because of bad sectors or damaged file system. Machine go into File system repair option, so deal with these kind of problems use following commands -

fsck -F (ufs/vxfs) /dev/rdsk/(partition)

noninteractive :fsck tries to repair all the problems it finds in a file system without stopping for user response useful in case of a large number of inconsistencies in a file system but has the disadvantage of removing some useful files which are detected to be corrupt .
If file system is found to have problem at the booting time non interactive fsck fsck is run and all errors which are considered safe to correct are corrected. But if still file system has problems the system boots in single user mode asking for user to manually run the fsck to correct the problems in file system

fsck -F (ufs/vxfs) -Y /dev/rdsk/(partition)

Please use this option at your own risk because it will consider "yes" option for every qwestion so your filesystem might get modified.
Some fsck options as follows -

fsck [ -F fstype] [-V] [-yY] [-o options] special
-F fstype type of file system to be repaired ( ufs , vxfs etc)
-V verify the command line syntax but do not run the command
-y or -Y Run the command in non interactive mode - repair all errors encountered without waiting for user response.
-o options Three options can be specified with -o flag
b=n where n is the number of next super block if primary super block is corrupted in a file system .
p option used to make safe repair options during the booting process.
f force the file system check regardless of its clean flag.
special - Block or character device name of the file system to be checked/repaired - for example /dev/rdsk/c0t3d0s4 .Character device should be used for consistencies check & repair
phases:
fsck checks the file system in a series of 5 pages and checks a specific functionality of file system in each phase.
** phase 1 - Check Blocks and Sizes
** phase 2 - Check Pathnames
** phase 3 - Check Connectivity
** phase 4 - Check Reference Counts
** phase 5 - Check Cylinder Groups

Benchmark chart of Linux v/s Windows

2006-09-06T22:36:00.000-07:00

Hello EB,

I have both Linux and windows while running webserver. In this senario, the overall size of one million files was about twice as large as the 2 GB of main memory. The total number of requests in test runs for which a reboot had previously cleared the buffer cache was clearly below 500,000. Files would generally have to be loaded from hard disk before being sent through the net.
In this setup, the freeware system clearly shows better results: While NT can hardly manage more than 30 requests per second, Linux can handle more than 166. With 512 client processes, it even manages 274 pages per second. Since more than 400,000 pages are retrieved during this test, however, we cannot be entirely sure that the increase especially towards the end of the graph isn't down to a caching effect. But who would complain about an overly efficient buffer cache?
When calling CGI scripts, Windows NT is no match for Linux. As the load is not confined to kernel mode in this case, Linux can benefit from additional CPUs. The graph at the bottom nicely depicts the linear increase for a CGI script with integrated delay.

Remote installation of RHES4 64bit

2006-08-30T22:49:00.000-07:00

Remote installation of RHES4.2 64bit -

If that server is already having redhat version installed –

1. Copy kernel and initrd image in /boot directory (In my senario I already made RHES4u2.tar.gz gz file using /remoteinstall/Redhat4update2/images/pxeboot/* on my file server , you can use 1st CD of RHES4update2 top copy the kernel and initrd image)
172.30.0.62 - This is my file server

scp username@173.30.0.62:/remoteinstall/Redhat/RHES4u2.tar.gz
tar -xvzf RHES4.u2.tar.gz
cp pxeboot/* /boot/

2. Edit the /etc/grub.conf file. Go onto next line of splash image.
title rhes4
root (hd0,0)
kernel /vmlinuz vnc vncconnect=172.30.0.3 headless ip=172.30.0.127 netmask=255.255.255.0 gateway=172.30.0.1 dns=172.30.0.41 ks=http://172.30.0.131/ks4.cfg
initrd /initrd.img

Save the file and reboot the machine.

3. Now start you vncviewer into listen mode.
(Make following changes
1.Replace 172.30.0.3 ip with your desktop’s ip
2. Replace 172.30.0.127 with to the IP of the machine which you are installing.)

My kick start configuration file looks like this -
# Kickstart file automatically generated by anaconda.

install
nfs --server=172.30.0.62 --dir=/big2/Redhat/RHES4.u2_64
lang en_US.UTF-8
langsupport --default=en_US.UTF-8 en_US.UTF-8
keyboard us
rootpw --iscrypted $1$1zTBqKn5$lnZ052YwM6uILBON/khw0.
firewall --disabled
selinux --enforcing
authconfig --enableshadow --enablemd5
timezone --utc Asia/Calcutta
bootloader --location=mbr --append="rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --all
part /boot --fstype ext3 --size=100
part /usr --fstype ext3 --size=15000
part / --fstype ext3 --size=5000
part /opt --fstype ext3 --size=2000
part /var --fstype ext3 --size=2000
part /tmp --fstype ext3 --size=2000
part swap --size=2000

%packages
@ compat-arch-development
@ admin-tools
@ system-tools
@ dialup
@ compat-arch-support
@ legacy-software-development
@ base-x
@ development-tools
e2fsprogs
kernel-devel
kernel

%post

Hope this will help somebody :)

rpm options

2006-08-24T00:02:00.000-07:00

Hello EB,

rpm is a powerful Package Manager, which can be used to build, install, query, verify, update, and erase individual software packages. A package consists of an archive of files and meta-data used to install and erase the archive files. The meta-data includes helper scripts, file attributes, and descriptive information about the package. Packages come in two varieties: binary packages, used to encapsulate software to be installed, and source packages, containing the source code and recipe necessary to produce binary packages.

Now most of famous distribution used rpm packages like redhat, suse and even lot free distributions like white box.

Following are some but basic option for rpm command -

rpm {-i--install} [install-options] PACKAGE_FILE ...
rpm {-U--upgrade} [install-options] PACKAGE_FILE ...

Sometimes you want to know which library uses which rpm packages or vice versa one rpm packages installs which libraries

#rpm -qf /usr/lib/libstdc++-2-libc6.1-1-2.9.0.so
compat-libstdc++-7.3-2.96.128

#rpm -ql compat-libstdc++-296-2.96-132.7.2
/usr/lib/libstdc++-2-libc6.1-1-2.9.0.so
/usr/lib/libstdc++-3-libc6.2-2-2.10.0.so
/usr/lib/libstdc++-libc6.2-2.so.3

Most of time you want to uninstall some rpm packages and you use rpm -e but it says there multiple packages are exist use

rpm -e --allmatches {rpm name}

Let me know if you have any queries with rpm commands,

hope these information will help you.

Thanks

Free E-Books To Download

2006-07-18T05:52:00.000-07:00

Hello Guys,

Check out this kool link for free e-books to download till 4th August 2006.
So hurry...

http://worldebookfair.com/Technical_eBook_Colleciton.htm

Cheers,

Desktop Linux Edition from Xandros

2006-07-06T08:14:00.000-07:00

Xandros Desktop Home Edition - Premium is a complete Linux desktop operating system that also includes the applications needed to work, communicate and play. Built on the stable and reliable Debian Linux platform, Xandros Desktop allows you to enjoy your digital lifestyle, the way you want to, without the hassles of viruses, spyware and other security threats. Xandros is fun and easy to use. It installs in just 4 clicks, and does not require any Linux or technical know-how. Discover how easily you will enjoy the beneﬁts of Linux and bring security and stability you can count on to your PC with Xandros Desktop.
Music · Photos · Video · Web · E-mail · Multimedia
The new home for your digital life is ready. From web surﬁng to auction bidding, photo taking to album making, video streaming to iPod syncing and e-mailing to online banking… Wherever your digital life may take you, Xandros Desktop is the secure and exciting gateway to your digital world.
For more information - www.xandros.com

Redhat Made It Easy

2006-07-06T07:59:00.000-07:00

Redhat made it easy.

You know Linux is reliable. You know it has security you can trust. In fact, nearly half of medium-sized businesses rate moving to Linux as either important or very important.* With the right experience and expertise, you can make the move, too.

The reputation of Linux in enterprise environments is rock solid. For its performance it has attracted some of the largest financial institutions. For its security it has been adopted by governments around the globe.

We believe small and mid-sized companies should have every advantage that the largest companies have with their technology: Performance, reliability, affordability, room to grow. Without compromise.

Redhat made it easy.

Keybank
Dave Seager
VP Manager of UNIX systems

Keybank is the 16th largest financial institution in the US with approximately 2000 branches and 22,000 employees. They needed to consolidate existing platforms and build bridges between existing systems. They looked at all the other Linux companies but quickly realized that Red Hat is the market leader and that there was no comparison. They also realized that running Red Hat Enterprise Linux 4 on Intel-based platforms gave them the best overall solution providing the highest performance, best cost savings, and the most choice.

Advantages to Linux Web Hosting

2006-07-04T23:33:00.000-07:00

What are the Advantages to Linux Web Hosting?

* Stability: Linux/Unix operating systems are very stable and robust. A web site housed on a Linux operating system will excellent up-time (of the order of 99.9%). Of course, other factors such as power supply, network operating center, and network load etc. also matter when it comes to maintaining the system uptime.
* Cost Effective: With Linux OS, there are no licensing fees as opposed to it's competitors. The Linux OS comes free of cost (or at very insignificant cost, usually cost of distribution). Free server applications such as FTP, Web Server, DNS Server, and File Server are also very stable. PLETH recommends the PLESK™ Control Panel (which does require licensing) for all of our web hosting accounts simply because it adds usability and flexibility to our clients. (see additional PLESK™ Control Panel information below)
* Compatibility: All types of file extensions (or scripts) can be used when using Linux web server. Commonly, the following extensions are supported: .cgi, .html, .htm, .pl, .php, .shtml, .asp (requires additional plug-in), .xml, and others as well as support for Microsoft Frontpage Extensions.
* Portability and Scalability: A web site designed to be hosted on a Linux based web server can be hosted on a Windows web server easily, where as the reverse is not always true. This provides flexibility for future growth.
* Most widely used and supported: Linux/Unix based web hosting is by far the most widely used OS in comparison to Windows based web hosting, and technical support can be a lot easier to locate should it be required.
* Scalability: A web site is dynamic. Usually, a web site starts with a few pages of html and grows over a period of time to suit our customers requirements. It is preferable to design a web site keeping this requirements in mind. A web site designed for compatibility with a Linux/Unix based web server meets the scalability requirement easily without making any site wide design changes.

What is web hosting

2006-07-04T23:29:00.000-07:00

What is the web hosting?

Web hosting is a service that provides individuals, organizations and users with online systems for storing information, images, video, or any content accessible via the Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center.

Types of hosting

FREE HOSTING :- just about all the free web hosting available is extremely limited when compared to paid hosting. Free web hosts generally require their own ads on your site, only allow web-based uploading and editing of your site, and have very tight disk space and traffic limits. Still, most people get their start via free web hosting

IMAGE HOSTING :- hosting only a few different formats of images. This type of hosting is often free and most require registrations. Most image hosts allow hotlinking, so that you can upload images on their servers and not waste space/bandwidth on yours.

SHARED HOSTING :- one's Web site is placed on the same server as several hundred other sites. A problem with another site on the server can bring all of the sites down. Shared hosting also brings with it some restrictions regarding what exactly can be done, although these restrictions are nowhere near as restrictive as for free hosting.

RESELLER HOSTING :- designed for those who want to become Web hosts themselves. One gets a large amount of space and bandwidth that can be divided up among as many sites as the user wants to put on his account. A reseller account is placed on the same server with other reseller accounts, just like with shared hosting but there are fewer accounts.
DEDICATED HOSTING: With dedicated hosting, one gets a server of one's own. They have no restrictions, except for those designed to maintain the integrity of the Web host's network (for instance, banning sites with adult content due to the increase risk of attack by crackers and grey legal issues for the ISP). Unless a separate plan is purchased from the host, the user is also generally on his own. This can be an expensive proposition, as the purchase of the dedicated server itself is generally far more expensive compared to shared hosting.

COLOCATED HOSTING :- This involves a server the user purchases himself and installs at the host's data center. Besides unmonitored reboots, the user must pay extra for many services dedicated hosting provides by default. Colocated hosting is generally chosen by people with server administration experience and those with more significant needs than which can be satisfied by dedicated or shared hosting. This is usually the most expensive and least cost effective option if you are not colocating many servers

Linux Hosting is considered to be one of the most stable and reliable hosting platforms around. It also has the additional advantages of not having to be licenced, being flexible, and supporting most programming languages.

What is the difference between Linux hosting and Windows hosting?

If you need to support Microsoft products such as ASP, ASP.NET, MS SQL, or VBScript or IIS, then Windows hosting fits your needs.
Linux is much more common with web hosts because of its stability and because itâ€™s free. Therefore, Linux hosting is usually cheaper than Windows.

What are PHP, ASP, Perl, MySQL, MS SQL?

PHP - PHP: Hypertext Preprocessor, server side language
ASP - Active Server Pages, server side language
Perl - server side language
Each programming language has its own benefits and uses.
MySQL and MS SQL are database systems that you can use a database to organize your data.

IBM TotalStorage SAN256B

2006-06-28T22:36:00.000-07:00

IBM TotalStorage SAN256B

* High availability with built-in redundancy designed to avoid single points of failure
* Highly scalable director with 16 or 32 ports per port switch blade, and from 16 to 256 ports in a single domain
* Multiprotocol router blade with sixteen Fibre Channel (FC) ports and two Internet Protocol (IP) ports for SAN routing and distance extension over IP

* Port switch blades support FICON® Director switching with Fibre Channel/FICON intermix, FICON CUP (Control Unit Port) and FICON cascading
* Interoperable with other IBM® TotalStorage® SAN b-type switches and directors
* Offers advanced security with comprehensive policy-based security capabilities
* Offers advanced fabric services such as end-to-end performance monitoring and fabric-wide health monitoring

The IBM TotalStorage SAN256B, with next-generation director technology, is designed to provide outstanding performance, enhanced scalability and a design ready for high performance 4 Gbps capable hardware and expanded capability features. The SAN256B is well suited to address enterprise SAN customer requirements for infrastructure simplification and improved business continuity.
IBM TotalStorage SAN256B fabric switch
Improved port density enables up to 256 ports in 14U vertical rack space to maximize datacenter efficiency

The SAN256B director interoperates with other members of the IBM TotalStorage SAN b-type family. It can be configured with a wide range of highly scalable solutions that address demands for integrated IBM System z™ and open system server enterprise SANs.

Common features
· Designed for mid-range to enterprise-class SANs
· Ideal as core-component in a core-to-edge SAN fabric
· 4 Gbps industry-standard Fibre Channel (FC) switch (requires storage system hardware that supports 4 Gbps throughput)
· 4, 2 and 1 Gbps auto-sensing capability
· Fabric Operating System V5 is common across all members of the IBM TotalStorage SAN b-type family
· Advanced Inter-Switch Link (ISL) Trunking, Load Balancing and Advanced Zoning
· Web Tools, Fabric Watch, Hot Code Activation and Performance Monitor
· Optional Extended Fabric Activation, Remote Switch Activation, FICON with CUP Activation, Advanced Security Activation, FCIP Activation

Hardware summary
· Chassis includes two control processor blades plus space for one to eight port blades, dual power supplies and fans in a 14U rack height
· Available 4 Gbps 16-port and 32-port switch blades and 16-port FC/2-port IP routing blades
· 4 Gbps shortwave and longwave Small Form-factor Pluggable (SFP) optical transceivers support distances up to 500m and 35 km respectively
· Full Fabric Operation and Universal Port (E, F and FL port) operation
· Many non-disruptive software upgrades and hot-swappable switch blades, power supplies and fans
· Fabric Shortest Path First (FSPF) designed to reroute around failed links
· Option to install in IBM TotalStorage SAN Cabinet C36

Making Changes in /proc filesystem

2006-06-28T22:21:00.000-07:00

Making changes

Detailing the exact information and usage of each file in /proc is outside the scope of this article. For more information about any /proc files not discussed in this article, one of the best sources is the Linux kernel source itself, which contains some very good documentation. The following files in /proc are more useful to a system administrator. This is not meant to be an exhaustive treatment but an easy-access reference for day-to-day use.

/proc/scsi

/proc/scsi/scsi
One of the most useful things to learn as a system administrator is how to add more disk space if you have hot-swap drives available to you, without rebooting the system. Without using /proc, you could insert your drive, but you would then have to reboot in order to get the system to recognize the new disk. Here, you can get the system to recognize the new drive with the following command:

echo "scsi add-single-device w x y z" > /proc/scsi/scsi

For this command to work properly, you must get the parameter values w, x, y, and z correct, as follows:

* w is the host adapter ID, where the first adapter is zero (0)
* x is the SCSI channel on the host adaptor, where the first channel is zero (0)
* y is the SCSI ID of the device
* z is the LUN number, where the first LUN is zero (0)

Once your disk has been added to the system, you can mount any previously formatted filesystems or you can start formatting it, and so on. If you are not sure about what device the disk will be, or you want to check any pre-existing partitions, for example, you can use a command such as fdisk -l, which will report this information back to you.

Conversely, the command to remove a device from your system without a reboot would be:

echo "scsi remove-single-device w x y z" > /proc/scsi/scsi

Before you enter this command and remove your hot-swap SCSI disk from your system, make sure you have unmounted any filesystems from this disk first.

/proc/sys/fs/

/proc/sys/fs/file-max
This specifies the maximum number of file handles that can be allocated. You may need to increase this value if users get error messages stating that they cannot open more files because the maximum number of open files has been reached. This can be set to any number of files and can be changed by writing a new numeric value to the file.

Default setting: 4096

/proc/sys/fs/file-nr
This file is related to file-max and holds three values:

* Number of allocated file handles
* Number of used file handles
* Maximum number of file handles

This file is read-only and for informational purposes only.

/proc/sys/fs/inode-*
Any files starting with the name "inode" will perform the same operation as files starting with the name "file" as above, but perform their operation relative to inodes instead of file handles.

/proc/sys/fs/overflowuid and /proc/sys/fs/overflowgid
This holds the User ID (UID) and Group ID (GID) for any filesystems that support 16-bit user and group IDs. These values can be changed, but if you really do find the need to do this, you might find it easier to change your group and password file entries instead.

Default Setting: 65534

/proc/sys/fs/super-max
This specifies the maximum number of super block handlers. Any filesystem you mount needs to use a super block, so you could possibly run out if you mount a lot of filesystems.

Default setting: 256

/proc/sys/fs/super-nr
This shows the currently allocated number of super blocks. This file is read-only and for informational purposes only.

/proc/sys/kernel

/proc/sys/kernel/acct
This holds three configurable values that control when process accounting takes place based on the amount of free space (as a percentage) on the filesystem that contains the log:

1. If free space goes below this percentage value then process accounting stops
2. If free space goes above this percentage value then process accounting starts
3. The frequency (in seconds) at which the other two values will be checked

To change a value in this file you should echo a space separated list of numbers.

Default setting: 2 4 30

These values will stop accounting if there is less than 2 percent free space on the filesystem that contains the log and starts it again if there is 4 or more percent free space. Checks are made every 30 seconds.

/proc/sys/kernel/ctrl-alt-del
This file holds a binary value that controls how the system reacts when it receives the ctrl+alt+delete key combination. The two values represent:

1. A zero (0) value means the ctrl+alt+delete is trapped and sent to the init program. This will allow the system to have a graceful shutdown and restart, as if you typed the shutdown command.
2. A one (1) value means the ctrl+alt+delete is not trapped and no clean shutdown will be performed, as if you just turned the power off.

Default setting: 0

/proc/sys/kernel/domainname
This allows you to configure your network domain name. This has no default value and may or may not already be set.

/proc/sys/kernel/hostname
This allows you to configure your network host name. This has no default value and may or may not already be set.

/proc/sys/kernel/msgmax
This specifies the maximum size of a message that can be sent from one process to another process. Messages are passed between processes in kernel memory that is not swapped out to disk, so if you increase this value, you will increase the amount of memory used by the operating system.

Default setting: 8192

/proc/sys/kernel/msgmnb
This specifies the maximum number of bytes in a single message queue.

Default setting: 16384

/proc/sys/kernel/msgmni
This specifies the maximum number of message queue identifiers.

Default setting: 16

/proc/sys/kernel/panic
This represents the amount of time (in seconds) the kernel will wait before rebooting if it reaches a "kernel panic." A setting of zero (0) seconds will disable rebooting on kernel panic.

Default setting: 0

/proc/sys/kernel/printk
This holds four numeric values that define where logging messages are sent, depending on their importance. For more information on different log levels, read the manpage for syslog(2). The four values of the file are:

1. Console Log Level: messages with a higher priority than this value will be printed to the console
2. Default Message Log Level: messages without a priority will be printed with this priority
3. Minimum Console Log Level: minimum (highest priority) value that the Console Log Level can be set to
4. Default Console Log Level: default value for Console Log Level

Default setting: 6 4 1 7

/proc/sys/kernel/shmall
This is the total amount of shared memory (in bytes) that can be used on the system at any given point.

Default setting: 2097152

/proc/sys/kernel/shmax
This specifies the largest shared memory segment size (in bytes) allowed by the kernel.

Default setting: 33554432

/proc/sys/kernel/shmmni
This represents the maximum number of shared memory segments for the whole system.

Default setting: 4096

/proc/sys/kernel/sysrq
This activates the System Request Key, if non-zero.

Default setting: 0

/proc/sys/kernel/threads-max
This is the maximum number of threads that can be used by the kernel.

Default setting: 2048

/proc/sys/net

/proc/sys/net/core/message_burst
This is the time required (in 1/10 seconds) to write a new warning message; other warning messages received during this time will be dropped. This is used to prevent Denial of Service attacks by someone attempting to flood your system with messages.

Default setting: 50 (5 seconds)

/proc/sys/net/core/message_cost
This holds a cost value associated with every warning message. The higher the value, the more likely the warning message is to be ignored.

Default setting: 5

/proc/sys/net/core/netdev_max_backlog
This gives the maximum number of packets allowed to queue when an interface receives packets faster than the kernel can process them.

Default setting: 300

/proc/sys/net/core/optmem_max
This specifies the maximum buffer size allowed per socket.

/proc/sys/net/core/rmem_default
This is the receive socket buffer's default size (in bytes).

/proc/sys/net/core/rmem_max
This is the receive socket buffer's maximum size (in bytes).

/proc/sys/net/core/wmem_default
This is the send socket buffer's default size (in bytes).

/proc/sys/net/core/wmem_max
This is the send socket buffer's maximum size (in bytes).

/proc/sys/net/ipv4
All of the IPv4 and IPv6 parameters are fully documented in the kernel source documentation. See the file /usr/src/linux/Documentation/networking/ip-sysctl.txt.

/proc/sys/net/ipv6
Same as IPv4.

/proc/sys/vm

/proc/sys/vm/buffermem
This controls the amount of the total system memory (as a percent) that will be used for buffer memory. It holds three values that can be set by writing a space-separated list to the file:

1. Minimum percentage of memory that should be used for buffers
2. The system will try and maintain this amount of buffer memory when system memory is being pruned in the event of a low amount of system memory remaining
3. Maximum percentage of memory that should be used for buffers

Default setting: 2 10 60

/proc/sys/vm/freepages
This controls how the system reacts to different levels of free memory. It holds three values that can be set by writing a space-separated list to the file:

1. If the number of free pages in the system reaches this minimum limit, only the kernel will be permitted to allocate any more memory.
2. If the number of free pages in the system falls below this limit, the kernel will start swapping more aggressively to free memory and maintain system performance.
3. The kernel will try to keep this amount of system memory free. Falling below this value will start the kernel swapping.

Default setting: 512 768 1024

/proc/sys/vm/kswapd
This controls how the kernel is allowed to swap memory. It holds three values that can be set by writing a space separated list to the file:

1. Maximum number of pages the kernel tries to free at one time. If you want to increase bandwidth to/from swap, you will need to increase this number.
2. Minimum number of times the kernel tries to free a page on each swap.
3. The number of pages the kernel can write in one swap. This has the greatest impact on system performance. The larger the value, the more data can be swapped and the less time is spent disk seeking. However, a value that is too large will adversely affect system performance by flooding the request queue.

Default setting: 512 32 8

/proc/sys/vm/pagecache
This does the same job as /proc/sys/vm/buffermem, but it does it for memory mapping and generic caching of files.

High-capacity NAS device on tap from Procom

2006-06-23T05:58:00.000-07:00

IRVINE, CALIF. - Procom Technology is expected to launch a new high-end, network-attached storage appliance this week that lets heterogeneous enterprise customers share, consolidate and manage their storage resources.

The NetForce 3100HA is a scalable, high-availability NAS device with an initial capacity of more than four terabytes that customers can grow as their storage requirement increases. This can be done by inserting 36G- or 73G-byte drives into the rack-mount enclosure without taking the system down. The system also has fault-tolerant features such as redundant fans and RAID controllers. To connect it to the network, the NAS appliance has a 10/100/1000M bit/sec Ethernet adapter.

The NetForce is the entry-level model of Procom's storage family. In Windows NT networks it makes use of access control lists (ACL) and NT's multiple master domain architecture. ACLs are lists of users who are allowed to access the server and the access rights they have; the multiple master domain architecture is used in geographically separated midsized and large corporations to house the security and access rights for users.

The NetForce supports the Unix Network File System and Microsoft's NFS, as well as the Network Data Management Protocol, the newest standard for LAN-free backup. It is designed to scale to over 16 terabytes.

The NetForce will compete against file servers from Network Appliance and EMC. The Network Appliance 840 scales to over 4.5 terabytes. EMC's ip4700 has an upper capacity of 3.6 terabytes.

But it was the new device's easy installation and cost that attracted Varco, an oil and gas company in Houston.

"We put our [enterprise resource planning] system on a Network Appliance server originally," says Cory Lucas, network administrator for Varco. "It took a long time to install and was complex. We looked at a couple of alternatives, but they didn't offer us the storage capacity we wanted. The 3100 was a 15-minute install into our Windows NT environment at one-third the price of the Network Appliance product." Lucas says.

The NetForce 3100HA NAS appliance is available starting at $42,000.

Procom: www.procom.com

Benefits of NAS

2006-06-23T05:57:00.000-07:00

- Almost any machine that can connect to the LAN (or is interconnected to the LAN through a WAN) can use NFS, CIFS or HTTP protocol to connect to a NAS and share files.
- A NAS identifies data by file name and byte offsets, transfers file data or file meta-data (file's owner, permissions, creation data, etc.), and handles security, user authentication, file locking
- A NAS allows greater sharing of information especially between disparate operating systems such as Unix and NT.
- File System managed by NAS head unit
- Backups and mirrors (utilizing features like NetApp's Snapshots) are done on files, not blocks, for a savings in bandwidth and time. A Snapshot can be tiny compared to its source volume.

what is NAS

2006-06-23T04:32:00.000-07:00

Introduction to NAS - Network Attached Storage

Dedicated network devices provide affordable, easy access to data

Several new methods of utilizing computer networks for data storage have emerged in recent years. One popular approach, Network Attached Storage (NAS), allows homes and businesses to store and retrieve large amounts of data more affordably than ever before.
Background
Historically, floppy drives have been widely used to share data files, but today the storage needs of the average person far exceed the capacity of floppies. Businesses now maintain an increasingly large number of electronic documents and presentation sets including video clips. Home computer users, with the advent of MP3 music files and JPEG images scanned from photographs, likewise require greater and more convenient storage.

Central file servers use basic client/server networking technologies to solve these data storage problems. In its simplest form, a file server consists of PC or workstation hardware running a network operating system (NOS) that supports controlled file sharing (such as Novell NetWare, UNIX® or Microsoft Windows). Hard drives installed in the server provide gigabytes of space per disk, and tape drives attached to these servers can extend this capacity even further.

File servers boast a long track record of success, but many homes, workgroups and small businesses cannot justify dedicating a fully general-purpose computer to relatively simple data storage tasks. Enter NAS.

What Is NAS?
NAS challenges the traditional file server approach by creating systems designed specifically for data storage. Instead of starting with a general-purpose computer and configuring or removing features from that base, NAS designs begin with the bare-bones components necessary to support file transfers and add features "from the bottom up."

Like traditional file servers, NAS follows a client/server design. A single hardware device, often called the NAS box or NAS head, acts as the interface between the NAS and network clients. These NAS devices require no monitor, keyboard or mouse. They generally run an embedded operating system rather than a full-featured NOS. One or more disk (and possibly tape) drives can be attached to many NAS systems to increase total capacity. Clients always connect to the NAS head, however, rather than to the individual storage devices.

Clients generally access a NAS over an Ethernet connection. The NAS appears on the network as a single "node" that is the IP address of the head device.

A NAS can store any data that appears in the form of files, such as email boxes, Web content, remote system backups, and so on. Overall, the uses of a NAS parallel those of traditional file servers.

NAS systems strive for reliable operation and easy administration. They often include built-in features such as disk space quotas, secure authentication, or the automatic sending of email alerts should an error be detected.

NAS Protocols
Communication with a NAS head occurs over TCP/IP. More specifically, clients utilize any of several higher-level protocols (application or layer seven protocols in the OSI model) built on top of TCP/IP.

The two application protocols most commonly associated with NAS are Sun Network File System (NFS) and Common Internet File System (CIFS). Both NFS and CIFS operate in client/server fashion. Both predate the modern NAS by many years; original work on these protocols took place in the 1980s.

NFS was developed originally for sharing files between UNIX systems across a LAN. Support for NFS soon expanded to include non-UNIX systems; however, most NFS clients today are computers running some flavor of the UNIX operating system.

The CIFS was formerly known as Server Message Block (SMB). SMB was developed by IBM and Microsoft to support file sharing in DOS. As the protocol became widely used in Windows, the name changed to CIFS. This same protocol appears today in UNIX systems as part of the Samba package.

Many NAS systems also support Hypertext Transfer Protocol (HTTP). Clients can often download files in their Web browser from a NAS that supports HTTP. NAS systems also commonly employ HTTP as an access protocol for Web-based administrative user interfaces.

2006-06-23T03:53:00.000-07:00

Hello all,

I am working in one of good software company as linux expert. IT market is little changing for new ppls who are interested linux administration or network stuffs,
you even I am doing the same from few years but right I am not getting much satisfaction from this job. Thats ppl should think to get into it, rather than you can go for storage domain for example SAN and NAS.
and I am going to post some basic and adavance stuffs bout SAN and NAS, Belive me guys if you want to make money, want to get job, want to get satisfaction then learn bout SAN and NAS and get good job.
and you know every corporate having storage for their database,
so move on for storage administration...dont worry its part of system administration linux always be there.

then enjoy new posts
UniLinux

New ATI drivers for Linux

2006-06-01T08:26:00.000-07:00

yamla writes "ATI has finally released new Linux drivers that claim support for the Radeon and Radeon Mobility 1x00 graphics cards, more than six months after releasing the chips. Read the release notes here. Any reviews are welcome."
New Product Support

Radeon X1900 series
Radeon X1800 series
Radeon X1600 series
Radeon X1300 series
Mobility Radeon X1800
Mobility Radeon X1600
Mobility Radeon X1400
Mobility Radeon X1300

Resolved Issues

Quake 3: Texture corruption is no longer noticed when playing the game on systems containing an ATI RadeonÂ® 8x00, RadeonÂ® 9000, RadeonÂ® 9100, RadeonÂ® 9200, or RadeonÂ® 9250 product
The ATI Installer no longer inconsistently backs up and recovers existing XF86 and Xorg config files.
The ATI Uninstaller /usr/share/fglrx/fglrx-uninstall.sh, can now be executed from any path

Build Spam Filter for Linux

2006-06-01T08:24:00.000-07:00

Overview
1. Build bare-bones Linux server
a. Custom Configurations
b. Partitions
c. Firewall Option
d. Package Selection
e. LANG variable

2. Install Postfix Message Transfer Agent (MTA)
a. Disable sendmail
b. Install Postfix
c. Configure Postfix
d. Test Postfix
e. Configure for mail forwarding
f. Test again

3. Install Mailscanner
a. Install MailScanner Package
b. Initial MailScanner Configuration

4. Install Spamassassin
a. Install SpamAssassin
b. Configure SpamAssassin

5. Install ClamAV
a. Install ClamAV
b. Configure ClamAV
c. Test ClamAV
Step I - Build Bare-Bones Linux Server
I've used some of the fairly recent versions of RedHat Linux. Versions 8, 9 or Fedora should work fine. I choose the custom build using the GUI installer.

a. Custom User Configurations
Select the generic selections for keyboard, language and timezone.

b. Partitions
You should partition the server with at least this layout: / /usr /varThis will protect your server from runaway log files.

c. Firewall Configuration
I chose to select the "no firewall" option. I consider this device to be a traffic management device and not a security device. Upstream security should be handeld by an actual firewall. Of course, many may disagree with this and choose to load IPTables. Just make sure you have the right chains configured to allow traffic to flow properly.

d. Package Selection
When you get to the package selections, DE-SELECT EVERYTHING. Go back and choose only the following items:

Editors -> you'll need this to vi files
Development Tools -> you'll need this to compile software

Once the machine builds itself, it will reboot.

e. Fix LANG Variable
Once it reboots, we need to edit the LANG variable. RedHat's LANG variable setting of LANG="en_US.UTF-8" can cause compilation errors in some perl code used by MailScanner and SpamAssassin.

In Red Hat Linux you must edit the file /etc/sysconfig/i18n to change the lines:
LANG="en_US.UTF-8" SUPPORTED="en_US.UTF-8:en_US:en" To: LANG="en_US" SUPPORTED="en_US.UTF-8:en_US:en"You then need to re-set and export the LANG variable: [root@titan sysconfig]# LANG='en_US' [root@titan sysconfig]# export LANGStep II - Install Postfix
I chose to use postifx instead of sendmail for my MTA. I like postfix because its configuration is very understandable. Also, I believe it is a bit more lightweight than sendmail.

a. Disable existing Sendmail services
Before you install postfix, you need to disable the existing sendmail items running on your Linux box. Service sendmail stop chkconfig sendmail offb. Install Postfix
Download postfix 2.1.5 from www.postfix.org and install as per this postfix document. Make sure you add the required records in passwd, group and aliases files. Postfix and Mailscanner will not work without them!

Accept all of the default settings when you "make install"

c. Configure Postfix
Postifx has two files which control most of its functionality. These are main.cf and master.cf.

Specific main.cf edits: myhostname = titan.corp.com mydomain = corp.com myorgin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain $mydomain mynetwork_style = hostNote: some of these items need to be changed, while some only need to be uncommented.

d. Test Postfix Build
It is very importiant to test postfix now to make sure everything works.

Send an email to this mail server. You can telnet on port 25 to this box and manually send an email.

e. Configure Postfix to forward email
Since we do not want this device to be the final destination for our mail, we need to configure Postfix to forward all mail for our domain to our SMTP mail server. We need to make sure that only mail for our domain is forwarded, and mail for other domains is dropped (do not become a open mail relay - very bad!)

Edit this item in main.cf relay_domains = lab.netThis tells Postfix which domains it should relay mail. All mail destined for this doamin (and only this domain) will be forwarded to its remote SMTP server. You can put multiple domains here, just seperate them with a comma or whitespace.

Add line to end of main.cf transport_maps = hash:/etc/postfix/transportThis tells Postfix what method to use to resolve the destination address for relayed mail:

Add line to end of "/etc/postfix/transport" lab.net smtp:[192.168.2.225]This command specifically maps the domain "lab.net" to the IP address 192.168.2.225 and tells Postfix to use SMTP as the transport. All mail destined for lab.net which is relayed thru this Spam Gateway will be forwarded via SMTP to 192.168.2.225.

Then run command: postmap /etc/postfix/transportThis command builds the hash table/file which Posfix will use to forward mail. If you don't do this, it wont work.

Finally add this line to main.cf append_at_myorigin = noThese lines will make sure your Spam Gateway does not add any of its own header domain info to the mail as it passes thru.

f. Test Again
Stop and start postfix to make sure all changes take. postfix stop postfix startI know this is redundent, but you really should test your system again before installing MailScanner. Make sure that mail gets passed thru the system wihtout problem. If you do encounter a problem, it will be alot easier to fix it now than after you've installed MailScanner, SpamAssassin and ClamAV.
Step III - Install MailScanner

a. Install MailScanner
MailScanner installation is very easy to install. Just download the package from http://mailscanner.info. I use the version for RedHat/Mandrake.

Place the tar file in you directory of choice then run: tar zxvf MailScanner-.tar.gzRun the install script: ./install.shUse chkconfig to make sure MailScanner is set for the proper run levels. chkconfig --list | grep MailScannerYou should see: MailScanner 0:off 1:off 2:on 3:on 4:on 5:on 6:offAlso, you'll need to disable postfix via chkconfig. MailScanner starts postfix itself. chkconfig postfix offb. Configure MailScanner Settings

Updates to postfix's main.cf by adding this line: header_checks = regexp:/etc/postfix/header_checks In the file /etc/postfix/header_checks add this line: /^Received:/ HOLDHere are the edits to Mailscanner - place / update in /etc/MailScanner/MailScanner.conf Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfixHere's some file permissions changes you'll need to make: chown postfix.postfix /var/spool/MailScanner/incoming chown postfix.postfix /var/spool/MailScanner/quarantineIts a good idea to test the server now. Send a message to the remote server and see if it goes thru. It should, and then you can move to installing SpamAssassin.
Step IV - SpamAssassin
a. Install SpamAssassin
SpamAssassin is also very easy to install, however, you need to make sure you have the proper PERL modules installed. They are: Digest::SHA1 HTML::ParserOptional Modules: MIME::Base64 DB_File Net::DNS Mail::SPF::Query Time::HiResYou can install SpamAssassin with: perl -MCPAN -e 'install Mail::SpamAssassinThen install Net::DNSb. Configure SpamAssassin
You don't need to edit any of the SpamAssassin conf files because all of the configuration is done thru MailScanner.

In /etc/MailScanner/MailScanner.conf we will make these changes:
Change this line: Use SpamAssassin = noto: Use SpamAssassin = yesUpdate the SpamAssassin User State Dir setting: SpamAssassin User State Dir = /var/spool/MailScanner/spamassassinand then run commands: mkdir /var/spool/MailScanner/spamassassin chown postfix.postfix /var/spool/MailScanner/spamassassinRestart MailScanner to make changes stick. service MailScanner restartStep V - ClamAV
a. Install ClamAV
Before you install ClamAV, you need to add the clamav user and group. You can do this as follows: groupadd clamav useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamavOnce this is done, you can build the software.
Open up the package: tar xvzf clamav-0.80.tar.gzGeneric build proceedure: ./configure makeI encountered a problem with my RedHat Fedora Core 3 build which was fixed by using this command "ln -s /usr/lib/libidn.so.11.4.6 /usr/lib/libidn.so". See this web page for details: "http://kb.atmail.com/view_article.php?num=132&title=libidn.so:%20No%20such%20file%20or%20directory" make installNow you need to load the perl modules for the ClamAV perl -MCPAN -e shell install Parse::RecDescent install Inline install Mail::ClamAV b. Configure ClamAV and MailScanner Settings
In /usr/local/etc/clamd.conf make the following edits:

Add '#' in front of the word 'Example'

Do the same in /usr/local/etc/freshclam.conf

Now you need to update ClamAV's virus signature files [root@titus]# freshclam ClamAV update process started at Sat Jan 29 19:43:51 2005 main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek) daily.cvd is up to date (version: 691, sigs: 804, f-level: 4, builder: ccordes)Update MailScanner's configuration file to use ClamAV 'Virus Scanners = clamav'In MailScanner.conf, check the setting of 'Monitors for ClamAV Updates' to ensure it matches the location of your ClamAV virus database files. This should be "/usr/local/share/clamav/*.cvd".

Windows Vista vs Linux servers

2006-06-01T08:11:00.000-07:00

Windows vs. LinuxThis article will not attempt to advocate the use of Linux over Windows or vice versa. I will try to present the differences and similarities between Linux and Windows in a fair manner.
Overview:
Both Linux and Windows (2000, NT, XP, Vista) are operating systems. Linux was inspired from Unix, while Windows was inspired from VMS.

While no single company "owns" Linux, Windows is owned by Microsoft. Various distributions (often referred to as "distros") of Linux come from different companies (e.g. Red Hat, Novell SuSE, Mandrake etc.), while all Windows flavors (95, 98, 2000, XP, Vista) come from Microsoft.

Both Linux and Windows come in Desktop and Server editions.

Cost:
As far as cost is concerned, Linux is very cheap or free. I used the word "very cheap" for enterprise users. While anybody can download, install and use Linux, the distribution companies usually charge for technical support. Windows is expensive. You first pay for the copy of the software and then again for the technical support if you ever want it. There is another catch though; Windows enforces you to use a single copy on a single computer. This is not the case with Linux though, once you purchase Linux, you can run it on an unlimited number of computers.

GUI:
Both Windows and Linux are GUI based operating systems. I'm afraid but, Windows has better GUI than Linux and it will get far better with the upcoming Windows Vista release. Linux has two GUIs: Gnome and KDE. Linux is fast catching up and is evolving from a server operating system to a desktop operating system.

Command Line:
Both Windows and Linux comes with command line interface. Windows calls it the "DOS prompt", while Linux refers to it as the "shell". Linux's shell is far more superior than Window's DOS prompt. It can do a whole lot of things that are not possible in Windows. Linux support various command line shells such as BASH, Bourne, Korn, C shell and many other.

Third Party Application Software Availability:
Both Windows and Linux run third-party applications. Windows, compared to Linux, has far greater number of third party applications available for use. A program written for Windows will not run under Linux (although it can be made to emulate, but it will be very annoying and hence not recommened).

Linux's application base is, however, increasing threefold. On a more close examination, the average computer user uses the following applications 90% of the time: Word Processor (Office suite), E-mail client, Web browser, Media software, and Instant Messenger. Linux has all these applications and in fact has many flavors for each.

Like Linux, all third party applications are very cheap or free. Whereas, Windows applications can cost a leg and a limb.

Security:
Simply put it this way, Windows is not secure. If you are using Windows and don't have Antivirus, Anti Spyware, and firewall (memory and resource eating applications), your computer can get affected by a virus in less than 10 minutes. I remember restoring a fresh copy of Windows XP on my Toshiba A40 notebook. I was browsing the Internet with Microsoft Internet Explorer and my machine got infected with loads of spyware in less than 15 minutes!

Microsoft came up with Firewall and Anti Spyware products, but these programs run in the background and eat up your computer's precious memory.

Linux, on the other hand, doesn't have these issues. I'm not aware of any spywares for Linux. One can safely run a Linux distro without ever worrying about installing Anitvirus or Anti-Spywares.

Windows also has more security flaws than Linux. By security flaw, I mean a hacker can compromise the Windows operating system and break into your machine and destroy your files. But, flaws on Windows are quickly fixed and patches are often made available almost instantly after the flaw is reported.

Supported Hardware:
Windows was originally designed for Intel based machines. Earlier version of Windows NT also ran on RISC and Alpha architectures, but not anymore. Linux run on a wide variety of hardware. And can support some very old legacy hardware. I've seen a Linux distro running on a 486 based machine.

Diver Availability:
As one author once said, "Windows is a bag of drivers". I think that is quite true. Installing a new hardware device is a piece of cake in Windows, whereas it can be a nuisance on Linux especially for average Joe. I can't in my wildest dreams imagine my dad installing a sound card successfully in Linux.

Things however will not stay the same for long. Manufacturers are also offering Linux drivers for their hardware, which will simplify the process.

Network Support:
Linux beats Windows bad in this area. Windows was never designed for the Internet. Unix, on which Linux is based, was designed for Internet (or Network) and is far more efficient compared to Windows. A senior Network Administrator working for a Fortune-500 company, recently pointed to me that if we monitor the traffic between exchange Windows based Exchange Server and Client, we can see that hundreds of packets are going to and from even when both are idle. He said that such is not the case with Linux.

However, our average Joe will never see or feel any difference. Windows Internet is good enough for him.

File System:
Windows Vista will use a new file system called WinFS. Earlier version used FAT (FAT16 and FAT32) and NTFS file systems, with NTFS being the preferred choice. Linux supports ext2 and ext3 file systems.

FAT file systems were mediocre, but NTFS can be compared with the Linux file systems.

Both file systems allows us to create directories, sub directories and file. Linux file systems are case-sensitive whereas, NTFS is not.

Normally, Linux systems cannot access NTFS file systems, but with the help of add-on software, it can.

Help and Documentation: Linux help and documentation is quite good, accurate and to the point compared.

I've been using Windows for well over 8 years now. Frankly speaking, I hardly ever checked the accompanying documentation or the help file because everything is so simple that nobody needs to venture in the help file.

What should I buy?
OK. Truth hurts, but let it be. If you are average Joe, that extra $300 on Windows are worth spending. If you are looking an OS for your server, never even think about Windows. Buy Linux.

LDAP for authentication

2006-06-01T08:10:00.000-07:00

Authenticating to a LDAP serverReasons for authenticating to an LDAP server.

We assume that you would like to create a web server where a client can log in and then retrieve their e-mails via internet and/or send e-mails etc. (example: www.gmx.de, www.web.de or http://linuxali.dyndns.org:4141 ).

Therefore the client has to become a user on the web server. That means they have to run the web server as root (not recommended) to be able to use the commands useradd and groupadd. Your second option is to put all users into a database, where the system looks at every login and controls individual access if the user exists.

This second opportunity is safer as you have one single location in the network where all users log in (like the NDS from Novell); you can administrate the users at a central point (Single Point of Administration).

Necessary software

OpenLDAP 2.x.x (http://www.openldap.org/software/download/) (In this tutorial OpenLDAP 2.0.12 is used)

Nss_ldap (http://www.padl.com/nss_ldap.html)

Pam_ldap (http://www.padl.com/pam_ldap.html)

Pam-devel (http://www.tuxfinder.com) (only necessary if you did not compile PAM yourself)

Debian users only need the package libpam0g-dev ("apt-get install libpam0g-dev")

OpenLDAP should already be completly configured; if it is not and you have problems look for the tutorial by Thomas Kroll (http://www.linuxnetmag.com/de/issue6/m6ldap 1.html)

Installing the software

First, decompress the packages nss_ldap and pam_ldap by:

>> tar xvfz nss_ldap....tar.gz
>> tar xvfz pam_ldap....tar.gz

Then compile and install them by:
>> ./configure
>> make
>> make install

in each directory.

Installation time will depend on your computer.

Configuring the software

In order to store the following objects, for the LDAP account, you have to adapt the file slapd.conf ( it is in the configuration directory of OpenLDAP).

It should look like this:

Slapd.conf

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema

# These are the files which define the objects
# that are included before starting the server.
# These entries must be changed.

# The following files should already be present,
# otherwise the LDAP server would not work properly.

pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

# This data is necessary for starting the LDAP server.

database ldbm
suffix "dc=alkronet,dc=de"

# This entry determines the highest object in your LDAP database.
# This value must be adapted.

rootdn "cn=Manager,dc=alkronet,dc=de"

# This entry determines a person who has all permissions
# for the following object in the LDAP database.
# This value must be adapted.

rootpw test

# The root password.

directory /usr/local/var/openldap-ldbm

# Directory with the LDAP database.

defaultaccess write

# Standard permissions for every user.

# Indices to maintain
index objectClass eq

The file /etc/ldap.conf must also be adapted because the programs nss_ldap and pam_ldap are accessing it (Be careful, do not edit the file: /etc/openldap/ldap.conf). It is also possible that the files are in a different place. If you use the option -sysconfdir= ... at configuration time, the files will reside in the corresponding directory.

Ldap.conf
host 127.0.0.1
# host where you can reach the LDAP server

base dc=alkronet,dc=de

# the base of the LDAP server

pam_filter objectclass=posixAccount

# At log in all objects which are contained in the object class
# posixAccount are searched for the user

pam_login_attribute uid

# also those which have the attribute uid

nss_base_passwd o=auth_user,dc=alkronet,dc=de?one
nss_base_shadow o=auth_user,dc=alkronet,dc=de?one
nss_base_group o=auth_group,dc=alkronet,dc=de?one

# names the LDAP place where the account data must be

sslno

# ssl connections = no

Afterwards a file should be created where an organizations container object is put in. This file could look like the following:

User.ldif
dn: o=auth_user, dc=alkronet, dc=de
o: auth_user
objectclass: organization

# these lines create an organizations object
# which is named "auth_user". Later, new
# users will be inserted in this object.

dn: o=auth_group, dc=alkronet, dc=de
o: auth_group
objectclass: organization

dn: cn=user, o=auth_group, dc=alkronet, dc=de
objectClass: posixGroup
objectClass: top
cn: user
userPassword: {crypt}x
gidNumber: 10

# here the group "user" with the number 10 is created

dn: uid=tester, o=auth_user, dc=alkronet, dc=de
uid: tester
cn: Test Tester
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
userPassword: test
shadowLastChange: 11472
shadowMax: 99999
shadowWarning: 7
uidNumber: 1000
gidNumber: 10
homeDirectory: /home/tester
loginShell: /bin/bash

# uid = user- und login name
# cn = christian name, surname would be sn
# afterwards the object classes are defined
# for the quite tricky values with shadow*
# the manpages of passwd, useradd and
# shadow should probably be consulted
# uidNumber = user number or user id
# gidNumber = group number or id the user belongs to
# homeDirectory = home directory
# loginShell = login shell

After this file is created it can be added to the LDAP server.

This is done with the command ldapadd.

>> ldapadd -x -D "cn=manager, dc=alkronet, dc=de" -W -f User.ldif

Now the user is included in the LDAP database but the database is not accessed during log in.

So the PAM service must be adapted to the LDAP server.

Preparing the system for authenticating to a LDAP server

First /etc/nsswitch.conf must be edited to tell the system that group-, user- and password information is not only held in files but also on a LDAP server.

This could look like the following:

/etc/nsswitch.conf
passwd: ldap files
group: ldap files
shadow: ldap files

# ldap was added here

hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

If you compiled the packages nss_ldap and pam_ldap yourself, a file named ldap.conf should exist in the directory /usr/local/etc. If it is not, the option -sysconfdir was used at compile time. You should look in the directory you chose then.

Debian users who have worked with apt-get own the two files pam-ldap.conf and libnss-ldap.conf. These files are the same and you could also create a link (e.g.: ln -snf /etc/pam-ldap.conf /etc/libnss-ldap.conf).

The content of this file determines which LDAP server to authenticate to and which objects contain the user- and password information.

It could look like the following:

Ldap.conf oder ldap-pam.conf

host 127.0.0.1
# IP des LDAP Servers

base dc=alkronet,dc=de
# base object of the server

# binddn cn=proxyuser,dc=padl,dc=com
# bindpw secret
# rootbinddn cn=manager,dc=padl,dc=com
# port 389

# if you have to authenticate to the LDAP server to be able
# to browse data, the user and password have to be
# named here

# timelimit 30
# sets how long a user is allowed to browse the LDAP server

# bind_timelimit 30
# sets how long a user is allowed to be connected
# to the LDAP server

# idle_timelimit 3600
# sets the time the connection is automatically cut
# when the user is idle

pam_filter objectclass=posixAccount
# search all entries where the object class equals posixAccount

pam_login_attribute uid
# the username is stored in the attribute uid

nss_base_passwd o=auth_user, dc=alkronet,dc=de?one
nss_base_shadow o=auth_user, dc=alkronet,dc=de?one
nss_base_group o=auth_group, dc=alkronet,dc=de?one

# sets the path to the passwords, the shadow entries and the
# group information
# ?one means, that only one entry may be used
# if there is more than one entry the first found
# password is used

sslno
# SSL connections are not supported

Furthermore the configuration files of every service that is running on the system that will authenticate to the LDAP server must be adapted.

The configuration files reside in /etc/pam.d. Some examples are already included with the PAM software and can be found in example.

If you did not compile PAM yourself they should be in /usr/share/doc/pam, /usr/share/doc/packages/pam or /usr/share/doc/libpam.

The file that is accessed during log in is named login and could look like this:

/etc/pam.d/login
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so

# /lib/security/pam_ldap.so should be available
# for every section (auth, account, password) now

# use_first_pass means that the first entered password is used
# and the files (shadow and passwd) are omitted

The other files in the directory can also be adapted this way; or you could take the example files from PAM.

Now logging in should be working, but I had to reboot (perhaps some services must be restarted).

PHP script for adding users

add_user.php
$username = testuser;
$password = testuser;
$user_id = 1005;

$ldap_server = "127.0.0.1";
$ldap_base = "dc=alkronet,dc=de";

# Attention: Double user ids could lead to authenticating errors

$entries["uid"]=strtolower($username);
$entries["cn"]=$username;
$entries["objectclass"][0]="account";
$entries["objectclass"][1]="posixAccount";
$entries["objectclass"][2]="top";
$entries["objectclass"][3]="shadowAccount";
$entries["userPassword"]=$password;
$entries["shadowLastChange"]="11472";
$entries["shadowMax"]="99999";
$entries["shadowWarning"]="7";
$entries["uidNumber"]=$user_id;
$entries["gidNumber"]="10";
$entries["homeDirectory"]="/home/".$username;
$entries["loginShell"]="/bin/false";

$connect = ldap_connect($ldap_server);
$bind = ldap_bind($connect, "cn=manager, ".$ldap_base, "test");

if (!$bind || !$connect) {
echo "Connection could not be established.";
exit;
}

ldap_add($connect, "uid=".strtolower($username).", o=auth_user, ".$ldap_base, $entries);

if (ldap_error($connect) != "Success") {
echo "

".ldap_error($connect)."

";
}

BIND and ADS

2006-06-01T08:04:00.000-07:00

In the real world, corporate networks are usually a heterogeneous mix of different makes and models of computers and services. In my probably typical work environment, we mix a few MS Windows Servers in with many Linux and IBM A/S400 servers. While it would be nice to be a homogeneous network, often times, the software required for business just isn't made for your preferred operating system. Hopefully this brief paper will help integrate your rock-solid "legacy" DNS servers running on *NIX with your Active Directory Domain Controllers.

The key to this is a little used (at least in the BIND DNS world) item called a Service Record, or SRV record. SRV records are intended to relay information via DNS regarding which server is providing which service. The server may be on your local LAN, but it's not required. If a Domain Controller (referred to here after as DCs) is on the same LAN as your workstation, the workstation will use it's own mechanism, a network broadcast, to find the DC so a SRV record may not be absolutely required. If however they are on different networks or LANs, SRV records will be required so the workstations knows where the DC is located. If you've read anything about routing, you probably know this is because the router between the 2 LANs will not forward the workstations broadcast traffic to the DCs LAN. Thus the DC cannot answer the broadcast leaving the workstation isolated on the other side of the router.

Don't be alarmed by the funky syntax, but here is a sample SRV record:

_http._tcp.example.com. SRV 10 5 80 www.example.com.

As you can see an SRV record has several fields and a unique system for naming. The naming system is an underscore followed by the name of the service, followed by a period, an underscore, and then the protocol, another dot, and then the name of the domain. The period at the end of the domain is required in this case. This tells BIND not to append another "example.com" to the name making it "_http._tcp.example.com.example.com". Same goes for the period at the end of the target computer as well.

If the fields were labeled by number left to right in the above example. The fields are:
1. The _service._protocol.domainname
2. The Resource Record. As you can guess, it will always be SRV for Service Records. For other types of records it can be different, eg, for Address Records it will be A instead of SRV.
3. The Priority of 10. This sets the preference for a host specified in the target field. DNS clients that query for SRV resource records attempt to contact the first reachable host of the lowest numbered preference listed here. Although target hosts have the same stated preference value, they can be tried in random order. The range of preference values is 0 to 65535. I keep these at 0 (zero) most of the time to make it simpler.
4. The Weight of 5. Can be used in addition to preference to provide a load-balancing mechanism, where multiple servers are specified in the target field and are all set to the same level of preference. When selecting a target server host among those of equal preference, this value can be used to set an added level of preference that can be used to determine the exact order or balancing of selection for the target hosts used in an answered SRV query. When a non-zero value is used, servers of equal preference are tried in proportion to the weight of this value. The range of values is 1 to 65535. If load balancing is not needed, use a value of 0 in this field to make the record easier to read.
5. The Port Number for the service(80). In the example it is the common port for the http service of 80, but it can be anything. For example, if you run http on port 8888, then you would put 8888 in this field. This particular field was the entire reason SRV records surfaced. They were made to allow clients to know which port a service was running on in case it was running on an unusual port number. The *NIX world thought running common services on unusual ports was a bad idea. As a side effect so SRV records were never embraced and are not commonly used by *NIX admins.
6. The target server. This should match the name given by the Address Record of the target server of course.

The SRV record will go in the forward look-up file. This will be the same file containing the A records. If you see files with Pointer Records (PTR) files, you are in the wrong file.

Ok, now the actual part that makes things work. In order for a workstation to find out which server is the DC, four SRV records are required to complete the deal for each DC. This example is for one domain controller, so the weight and priority fields are set to zero (0). Also, you should be able to see that the LDAP service uses port 389, and the Kerberos service uses port 88.

If you have an Address Record (A) that identifies your server name like this:

dc1.example.com. A 111.222.333.444

Then your SRV records for this DC would be as follows

_ldap._tcp.example.com. SRV 0 0 389 dc1.example.com.
_kerberos._tcp.example.com. SRV 0 0 88 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. SRV 0 0 389 dc1.example.com.
_kerberos._tcp.dc._msdcs.example.com. SRV 0 0 88 dc1.example.com.

You may notice that there are two LDAP and two Kerberos entries that look similar. One simply tell where the LDAP and Kerberos services are running and the other on tell the client that it is the DC for the listed target domain.

If you have 2 or more DCs you can experiment with the priority and the weight fields, but I'll leave that as an exercise for you.

Hopefully with this little bit of info, you can forgo the hardships of trying to make your legacy system work with MSDNS. Why learn more than you have to when, in this instance, the old way is clearly the best way!

MPM in apache

2006-06-01T08:01:00.000-07:00

'Multi Processing Modules', generally called MPMs, are modules that get the primary attention in Apache. Apache has been known for its extensibility through modules and this is one of the main reason that it has been favoured worldwide, apart from its rock stabilty. Modules that can be added at a later stage or when in need makes Apache more stable due to the decreased load.

MPMs are supposed to do the rigorous work of binding to the port specified, accepts the connection requests, generate the child processes according to the load of the server and dispatch the children for the incoming connections. They are loaded along with 'httpd' at startup time. Many a MPM exist, but one and only one can exist in a running Apache installation. The default MPM for Unix is the 'Prefork' module. The default MPMs which exist for other platforms are :

BeOS : beos
Netware : mpm_netware
OS/2 : mpmt_os2
Windows : mpm_winnt

The main difference between MPMs and normal modules is that only one of the former can be used and multiple ones can be loaded in the latter. MPMs must be chosen during install and can be compiled into the binary using the '--with-mpm=NAME' option. If any of the MPMs are not specified, then the default MPM, 'prefork', will be compiled. Apache in Windows is now more efficient since it does not need to use the POSIX compliance and can use the native networking features of the OS. In the Windows environment,the MPM 'mpm_winnt' is used as the default.

Two of the MPMs specified in 'httpd.conf' are 'prefork' and 'worker'. These two MPMs exists for different specifications. The 'worker' MPM was introduced in Apache2. It uses a multiprocess-multithreaded structure. Multi-process means the number of child servers started and multi-threads, the number of connections made by each child-process. The child servers starts the threads according to the directives 'ThreadsPerChild', 'MinSpareThreads' and 'MaxSpareThreads'. By using a threaded structure, each child server can handle more than one connection, upto the limit specified by 'MaxSpareThreads'. The parent process is responsible for starting the child processes. The child instances inturn starts the number of threads specified by 'ThreadsPerChild ' and one additional thread for listening to incoming requests. The main drawback is that it makes more demand on your virtual memory and since one child server handles more than one thread (each thread equals one connection), anything that effects a particular child process has the same effect on the connections. In short, one crashed child process means more than one lost connection. But in the case of 'prefork' module, the concept of threads doesn't exist. A seperate child process get started for each incoming connection, provided within the limit specified. This concept is more geared towards stability since each child process has to handle only its own connection.

'Multi Processing Modules' are just a small part of the really big world of modules in Apache. More about module configuration in the next part. More to come.

Beginning with Java on Linux

2006-05-17T21:18:00.000-07:00

It seems that you can't go anywhere on the web without running into some form of Java, this is why I am now going to try to explain not only what Java is, but give some examples of programs that you can make, modify and learn from.
What is Java?
Java was originally developed by Sun Microsystems in an attempt to create an architecturally neutral programming language that would not have to be complied for various CPU architectures. Oak (as it was originally called, although the name was changed in 1995) was developed in 1991 for such things as home appliances which would not all run on the same type of processors. Just then the web was taking off and it was obvious that an programming language that could be used for many different operating systems and CPU architectures without compling many times would be of great importance. The final solution was to use bytecode. Unlike C++, Java code is not executable, it is code that is run by a Java Virtual Machine (JVM), so once a JVM is introduced for a platform all the Java programs can be run on it. There are two types of Java programs, the applications and the applets. The applications are what are written on a computer and run on a computer without the Internet connected in anyway. An applet is a program made for use on the internet and is the programs that runs in your browser. Sun also gave Java some buzzwords.
Simple
You might get some arguments from beginners on this, but Java remains a fairly simple language.
Secure
If you ever try to save from a notepad program (or any program) in Java you will get something saying
Quote:
This application has requested read/write access to a file on the local filesystem. Allowing this action will only give the application access to the file(s) selected in the following file dialog box. Do you want to allow this action?
The Java code runs within the JVM and prompts you if the bytecode wants to read or write.
Portable
Since it is architecturally neutral it can run on PCs, Macs, PDAs, Cellphones, and about anything else if there is a JVM for it.
Object-Oriented
While some languages are based around commands, Object-Oriented programming focuses on that data. For a more complete definition I highly recommend going to Google Glossary to learn more.
Robust
Powerful. This is in part due to the fact that the Java complier will check the code and will not complie it if has errors.
Multithreaded[b/]
Java has built-in support for multi-threaded programming.
[b]Architecture-neutral
Java is not made for a specific architecture or operating system.
Interpreted
Thanks to bytecode Java can be used on many different platforms.
High Performace
Java isn't going to be used for 1st person shooters but it does run fast.
Distributed
It can be used on many platforms
Dynamic
Can evolve to changing needs.

How Java is like C/C++
A Java programmer would be able to learn C/C++ quickly and a C/C++ programmer would be able to learn Java quickly because they are similar. When Java was made it was not to be a programming language that was better then C/C++ but was made to meet the goals of the interenet age. Java also has differences with C/C++, for example, someone could not write C/C++ code and complie it as Java for Internet use, nor could someone take Java code and complie it into C/C++.
Getting started writing Java
First you must go and get Java. You can download the JRE, which is the Java Runtime Environment, this is good for using Java but not what we need to compile Java applications. You need to download the SDK, which is the Software Development Kit. Once you have installed this free download you will have two important tools. The first is the javac command which is for compiling the program, and there is the java command for running your program. Once the SDK is installed you try typing javac, if you get an unrecognized error you should put the line
PATH=$PATH:/usr/java/j2sdk1.4.2/bin (or replace /usr/java/j2sdk1.4.2/bin[/i] in whatever is the place to javac (this can be found with locate javac)in your /etc/profile file. This way the commands are accessible from anywhere. For writing the programs, most text editors will work (not word processors though, they format the text) but I prefer Kwrite because after you save it as a java file it colors all the text and makes blocks of code collaspable and expandable. First we are going to do an analysis of a simple program.

/*
This is a simple, simple app.
They will get more fun in time
:)
*/
class First {
public static void main(String args[]) {
System.out.println("Yea! I wrote JAVA");
}
}

Starting at the top you will see the /* and */ markings. This is for a multi-line comment, anything inside of here will be ignored by the Java compiler. You can also add singal line comments with the // markings with everything after the // as a comment.
class is the part of the program that everything is inside of.
First is the title of the program, you have to save it as whatever you have after class, and this case-sensitive.
public is specifying main(String args[]) as being accessable to code outside of its class.
static allows main(String args[]) to be used before any objects have been created.
void Saying that main(String args[]) itself doesn't give output
main(String args[]) { is a method, this is where the code starts executing, you don't need the Sting args for this program but you will need it later so get used to typing it. :)
System.out.println is simply telling the system to print and the ln is telling it to make a new line afterwards. You could also just put print instead of println. Everything in parentheses is where you can type messages.
} The first one is closing the public static void main() { line and the second is closing the class First {.
Once you have this done this, save your file, but make sure to save it as First.java. Next, get a command prompt and go into the folder where you saved your Java file and type
javac First.java
Nothing fancy should happen. If something does, just copy and paste the program off of this document and it should compile fine. Nearly all of my errors with Java are typos that the compiler will let me know about. After this, you should have a file called First.class. Make sure you are in the same directory as First.class and type
java First
and you should see
Yea! I wrote JAVA.
You do not need to include .class when you are running the program.

Next, we get started with variables. Variables can be any sort of things that you assign a value to.

class var {
public static void main(String args[]) {
int v;
v = 5;
System.out.println("v is " + v);
}
}

The output should be v is 5
Since I have already explained most of the things in the previous program I will explain what the new things do.
int v; This is declaring that there will be an integer variable. You must declare a variable before you use it. This variable is call v. The names can be longer then one character and are case sensitive.
v = 5; v is now being assigned the value 5.
System.out.println("v is " + v); Like before, the System.out.println command is being used, everything inside of quotes is what you type. To add the value of v just a the + v outside of the quotes.
Once you have complied the program and ran it you should get.
v is 5
You can also do math with Java programs, like in the next example.

class math {
public static void main(String args[]) {
int a;
int b;
int c;
a = 5;
b = 9;
c = a * b;
System.out.println( a + " times " + b + " is " + c);
}
}

The output will be 5 times 9 is 45
Along with *, you can also use the +, -, and / signs for math. You can also do things like b = b * a where what the variable equals includes itself. The next program demonstrates a loop.

class loop {
public static void main(String args[]) {
double gallons, cups;
for(gallons = 1; gallons <=10; gallons++) {
cups = gallons * 16;
System.out.println(gallons + " gallons is " + cups + " cups.");
}
}
}

The output will be

1.0 gallons is 16.0 cups.
2.0 gallons is 32.0 cups.
3.0 gallons is 48.0 cups.
4.0 gallons is 64.0 cups.
5.0 gallons is 80.0 cups.
6.0 gallons is 96.0 cups.
7.0 gallons is 112.0 cups.
8.0 gallons is 128.0 cups.
9.0 gallons is 144.0 cups.
10.0 gallons is 160.0 cups.

The first thing different about this program is double instead of int. Int declares an integer, these work for a lot of things but loose precision if you were to divide 9 by 2, or dealing with anything that has a decimal. For things with decimals you can use float or double. There are also different types of integers other then int. Int is 32 bits, so it covers from 2,147,483,647 to -2,147,483,648. As its name suggests, long is a very long integer, 64 bit, it can handle numbers slightly over 9,200,000,000,000,000,000 and slightly under the negative. For the smaller numbers you might want to look into short (16 bit, 32,867 through -32,768) and byte(8 bit, 127 through -128). And for characters, you use char.
Getting back on track, the next thing you will notice it the two variables being declared are separated by a comma. This saves time, I can write
double a, b, c, d;
instead of writing out
double a;
double b;
double c;
double d;
The line with for is the loop itself. The basic form of for is for(starting; restrictions; count by) statement;
The gallons = 1; is saying we want the loop starting at 1. You could start it at 57 or -23 if you wanted. gallons <= 10; is saying count everything less then or equal to 10. Here are some important things that will come in handy many times
== equal to
!= not equal to
< less than
> greater than
<= less than or equal to
>= greater than or equal to
And gallons++ is the same as writing out count = count+1 If you want to count by 2s use count = count+2 or 3s use count = count+3 and so on. The { starts a new block of code, inside we assign cups the value and what to display when the loop is complete.
This next program will use the if statement.

class ifif {
public static void main(String args[]) {
double a, b;
a = 5
b = 4
if(a == b) System.out.println("Since 4 will never equal 5 this won't be displayed, if it does, buy a new CPU");
if(a != b) System.out.println("Since 4 isn't equal to 5 this will be displayed");
if(a < b) System.out.println("5 isn't less then 4, this will not be seen");
if(a > b) System.out.println("I think you get it by now");
}
}

If statements are very useful in all types of situations. The if statement can also be used as a block of code, for example

if(5 == 5) {
double e;
e = 5;
System.out.println("e is " + e);
}
This may not seem like a very useful tool, but in time it will become very important. Say for example, you are writing a temperature conversion program. You want to prompt the user "Press A to convert Fahrenheit to Celsius or B to convert Celsius to Fahrenheit" You would have something like
if(input == A) {
Here is the program to convert Fahrenheit to Celsius
}
if(input == B {
Here is the program to convert Celsius to Fahrenheit
}
This way only the code needed is executed. Of course, you won't actually use [i]input, that is just easy to understand for now.
Here is a program that uses user input to find weight on the moon.

import java.io.*;
class moon {
public static void main(String args[])
throws java.io.IOException {
double e;
double m;
System.out.println("Please enter your weight to get the moon equivalent.");
String strA = new BufferedReader(new InputStreamReader(System.in)).readLine();
e = Double.parseDouble(strA);
m = e * .17;
System.out.println("Your weight on the moon would be " + m + " pounds");
}
}

This one is more complex. import java.io.*; is bringing in things needed for input. The throws java.io.IOException is for error handling. String strA = new BufferedReader(new InputStreamReader(System.in)).readLine(); is going to get the input and the next line is going to assign e the input. From there it is easy. So knowing most of this you can create simple, but useful applications like this.

import java.io.*;
public class triangle {
public static void main(String args[]) throws java.io.IOException {
double a;
double b;
double c;
System.out.println("A is? "); //asking for a
String strA = new BufferedReader(new InputStreamReader(System.in)).readLine();
a = Double.parseDouble(strA);
System.out.println("B is? "); //asking for b
String strB = new BufferedReader(new InputStreamReader(System.in)).readLine();
b = Double.parseDouble(strB);
System.out.println("C is? "); //asking for c
String strC = new BufferedReader(new InputStreamReader(System.in)).readLine();
c = Double.parseDouble(strC);
if(c == 0) { //the block that finds out what c is
b = b * b; //getting b squared
a = a * a; //getting a squared
c = a + b; //a squared + b squared equals c squared
double x=Math.sqrt(c); //finding the square root
System.out.println("C is " + x); //telling what c is
}
if(b == 0) {
c = c * c;
a = a * a;
b = a - c;
if(b <= 0) b = b * -1; //ensuring that the program will not to try to find the square root of a negative number
double y=Math.sqrt(b);
System.out.println("B is " + y);
}
if(a == 0) {
b = b * b;
c = c * c;
a = c - b;
if(a <= 0) a = a * -1;
double z=Math.sqrt(a);
System.out.println("A is " + z);
}
}
}

You get prompted for A,B and C side of a right triangle, if you don't know one side, enter in 0 for that one. The only new stuff is double x=Math.sqrt(c); this is just declaring x and at the same time saying it is the square root of c. Thanks to
moeminhtun on help with the input. This is only scratching the surface of what can be done with Java so here are some more sources that have great information.
Sun has some a lot of documentation on there website.
Java 2: A Beginner's Guide is a great book. This is not a for Dummies book though. It has a steeper, yet easy to follow learning curve. On the right hand side of this page you will also see a link called "Free downloadable code", download this code and look though it, you can learn a lot.
A complete explanation of the Java buzzwords
Some more information from Sun
Beginning Java 2 SDK 1.4 Edition
Learn to program with Java

Save your laptop from crashing when power source is changed

2006-05-17T21:14:00.000-07:00

Like most people who have complained about this problem I had recently upgraded to mandrake 9.2 and was surprised by the lack of problems usually associated with upgrading distro's. My surprise turned to horror when I realized the my laptop a Dell Inspiron 8000 would freeze as soon as I unplugged the a/c adapter or plugged in the a/c adapter. After searching for days for the fix and listening to contradictory advice I had finally sorted out the good from the bad information and concluded that a kernel recompile was necessary.

Imagine my surprise after recompiling and realizing that the very cool and professional looking graphical boot was gone. This took a whole 8 hours to sort out. This tutorial is geared specifically for Mandrake users, however the information and the steps for recompiling the kernel to fix the power problem will work on any distro. The tutorial will also seek to explain how the frame buffer sections of the kernel source work, so that you're new kernel will have a clean looking high resolution console. The tutorial will also show mandrake users and users of other distro's which use Bootsplash how to modify their initrd image to boot up with a nice jpeg image.

First things first, the cause of the freezing is that you're particular laptop does not implement the apm bios correctly. So when the kernel boots up and uses apm the calls lock your bios. Unlike most posts in forums across the Internet, the problem is not the acpi interface but the apm. The problem also exacerbated by the use of the local apic on uniprocessor systems and systems with Pentium 4 processors.

So, if you want to recompile the kernel the first thing to do is to download the kernel sources for your distro. If you have a distro like Mandrake which heavily modifies their kernel with programs like supermount you may want to use their kernel instead of the kernels at www.kernel.org. If you are using mandrake an easy way to get the latest kernel sources is to click on your start menu in either KDE or Gnome then mouse over configuration then mouse over packages and finally click on install software. Once the RPMDrake window comes up you can type kernel into the search field. The search should bring up a number of things click on the latest kernel source file it should be an srpm. For those of you who do not want to use the distro's kernel or for people who do not have an easy way of getting their kernel installed you will have to download either a rpm or a tar ball.

Once the kernel is installed you will have to switch to the kernel directory you can do this by typing cd /usr/src/linux (the following assumes you are using the root account). This command will take you to the source directory. If you have compiled a kernel previously you can type: make mrproper. Once this command is done you will have to configure the kernel, which you can do in several different ways. The first is to type make xconfig which will let you configure the kernel inside Xwindows. The second way is to type make menuconfig which will give a text based menu to configure the kernel. For the purposes of this tutorial I will be using make xconfig. So now the menu is on the screen in front of you and looking through all those options can seem like a daunting task. I will try to briefly explain hat each of the options is for and which ones we want to set for our purposes.

The menu is divided into many different sections which at first seem random but actually it is a very ordered system. The kernel is the machine which connects all of your programs to the hardware to put it in an over simplified way. You will notice that the options are split up with the processor and motherboard features in once section. Memory and block devices, eg Hard drives, in another. You will also notice a section for all of the networking options and so on. The first section which we need to modify to fix our freezing problem is the processor type and features section. Click on this section. You will notice this brings up another window with more options in it. The first option allows you to select what processor you are using, it is probably set to i386 generic. We are not here to change this setting, but since we are here it wont hurt to set it appropriately which might even give you a slight performance boost. Further on down you will see to options one option is to enable Toshiba laptop support, If you have a Toshiba laptop enable this feature. The next option asks whether you want to enable Dell laptop support, since I have a Dell I enabled this feature.

A quick note about modules: The debate rages over whether a monolithic or modularized kernel is better. The truth is that each type of kernel has its own advantages and I find myself somewhere in the middle. By using all modules you will find that for instance loading a pcmcia card with module support will take a little longer to load and will use a little more Memory, however if you rarely use this pcmcia card it would be to your advantage to compile it as a module that way you do not have to keep the driver in memory the entire time. I will leave the decision on whether to make a monolithic or modularized kernel up to you, However certain thing must be compiled in and not used as a module. For instance the file system that your root partition is on should be compiled into the kernel, compiling as a module will result in a kernel panic during boot.

Further down you will see and important option it says Local apic support on uniprocessors we ant to disable this feature as it is one of the three things that contribute to the lockups. After selecting no to this question we can close this window by clicking main menu. The next section that we need to look at is the general setup section. Click on General Setup to enter this section now. The next thing that we must enable is pci hotplug support. Click on PCI hotplug Support now to enter the sub menu. Now in the new menu disable the first option Support for PCI Hotplug (experimental) after you have disabled this click main menu to return. Now scroll further down this window we want to disable Advanced Power Management Bios Support. After this is disabled scroll further down until you see acpi support which is the last thing on the list. Click on acpi support which brings up another menu. In this menu acpi support should be enabled and everything else as either a y or a m. Now that you are done with this window click main menu and click main menu again to return to the first menu. Now you have done everything you need to fix the crashing problems. You might also ant to check out the file system tab and make sure what ever file system you are using as root is compiled in and not as just a module. After doing all of the following you might want to also go through each menu and turn off the drivers for hardware you don't have or don't plan to get. This will decrease the compiling time and size of your kernel tremendously. After going through the rest of the source code and setting everything to your liking the next step is to click save and exit. The window will disappear and save all your setting. The next step is to go back to the prompt and compile the kernel.

The kernel can be compile by type two very simple lines at the prompt. Make sure you are in the source directory /usr/src/linux if you are not then get there.
[root@localhost Linux]# make dep && make clean && make bzImage && make modules
after this you will need to type one more thing:
[root@localhost linux] # make modules_install && make install

After this completed which could take anywhere from 15 to 45 minutes you're new kernel will be complete. You next have to edit your lilo.conf file /etc/lilo.conf and add a couple things.
Your lilo.conf file should have a new entry at the bottom that has your new kernel number eg
image=/boot/vmlinuz-2.4.xx-xxmdkcustom (or something similar)
label=(new name)
root=/dev/hda1 (or your equivilent)
read-only
optional
append=?noapic devfs=mount splash=silent? (make sure to add ***noapic****)
init
=/boot/vmlinuz-2.4.xx-xxmdkcustom.img
vga=791 (this is my setting however depending on resolution your framebuffer may vary)

After adding noapic to the append line save the file and exit. But do not run lilo yet. If you are running a mandrake 9.2 kernel and want to put that pretty splash bootup screen back you have some more work to do.
[root@localhost linux]# cd /usr/share/bootsplash/scripts

this will take you to the scripts directory Where you will use this script to put back your boot image
[root@localhost linux]# sh make-boot-splash /boot/initrd-2.4.xx-xxmdkcustom.img (where this is the name of your new kernel.)
when you are done with this command type:
[root@localhost linux]# lilo (this will update your boot loader and insure that the new kernel with splash screen is used)
after this you are done reboot your os and make sure that it works alright. Have fun and good luck. I hope this solves the problem with freezing of the laptops when the power source is changed. I will write a second tutorial later covering the frame buffer in more detail.

How to configure TV card on Linux

2006-05-17T21:12:00.000-07:00

Like quite a few people I had lots of problems getting my new tv card to work. From what I can tell hotplug usually doesn?t detect and assign the correct card number.

Assuming you have a standard kernel it should have all the modules you need.

Firstly you must identify your card number by finding your card on this list, or googling if its not there.

card=0 - *** UNKNOWN/GENERIC ***
card=1 - MIRO PCTV
card=2 - Hauppauge (bt848)
card=3 - STB
card=4 - Intel Create and Share PCI/ Smart Video Recorder III
card=5 - Diamond DTV2000
card=6 - AVerMedia TVPhone
card=7 - MATRIX-Vision MV-Delta
card=8 - Lifeview FlyVideo II (Bt848) LR26
card=9 - IMS/IXmicro TurboTV
card=10 - Hauppauge (bt878)
card=11 - MIRO PCTV pro
card=12 - ADS Technologies Channel Surfer TV (bt848)
card=13 - AVerMedia TVCapture 98
card=14 - Aimslab Video Highway Xtreme (VHX)
card=15 - Zoltrix TV-Max
card=16 - Prolink Pixelview PlayTV (bt878)
card=17 - Leadtek WinView 601
card=18 - AVEC Intercapture
card=19 - Lifeview FlyVideo II EZ /FlyKit LR38 Bt848 (capture only)
card=20 - CEI Raffles Card
card=21 - Lifeview FlyVideo 98/ Lucky Star Image World ConferenceTV LR50
card=22 - Askey CPH050/ Phoebe Tv Master + FM
card=23 - Modular Technology MM205 PCTV, bt878
card=24 - Askey CPH05X/06X (bt878) [many vendors]
card=25 - Terratec Terra TV+ Version 1.0 (Bt848)/Vobis TV-Boostar
card=26 - Hauppauge WinCam newer (bt878)
card=27 - Lifeview FlyVideo 98/ MAXI TV Video PCI2 LR50
card=28 - Terratec TerraTV+
card=29 - Imagenation PXC200
card=30 - Lifeview FlyVideo 98 LR50
card=31 - Formac iProTV
card=32 - Intel Create and Share PCI/ Smart Video Recorder III
card=33 - Terratec TerraTValue
card=34 - Leadtek WinFast 2000
card=35 - Lifeview FlyVideo 98 LR50 / Chronos Video Shuttle II
card=36 - Lifeview FlyVideo 98FM LR50 / Typhoon TView TV/FM Tuner
card=37 - Prolink PixelView PlayTV pro
card=38 - Askey CPH06X TView99
card=39 - Pinnacle PCTV Studio/Rave
card=40 - STB2
card=41 - AVerMedia TVPhone 98
card=42 - ProVideo PV951
card=43 - Little OnAir TV
card=44 - Sigma TVII-FM
card=45 - MATRIX-Vision MV-Delta 2
card=46 - Zoltrix Genie TV/FM
card=47 - Terratec TV/Radio+
card=48 - Askey CPH03x/ Dynalink Magic TView
card=49 - IODATA GV-BCTV3/PCI
card=50 - Prolink PV-BT878P+4E / PixelView PlayTV PAK / Lenco MXTV-9578 CP
card=51 - Eagle Wireless Capricorn2 (bt878A)
card=52 - Pinnacle PCTV Studio Pro
card=53 - Typhoon TView RDS + FM Stereo / KNC1 TV Station RDS
card=54 - Lifeview FlyVideo 2000 /FlyVideo A2/ Lifetec LT 9415 TV [LR90]
card=55 - Askey CPH031/ BESTBUY Easy TV
card=56 - Lifeview FlyVideo 98FM LR50
card=57 - GrandTec 'Grand Video Capture' (Bt848)
card=58 - Askey CPH060/ Phoebe TV Master Only (No FM)
card=59 - Askey CPH03x TV Capturer
card=60 - Modular Technology MM100PCTV
card=61 - AG Electronics GMV1
card=62 - Askey CPH061/ BESTBUY Easy TV (bt878)
card=63 - ATI TV-Wonder
card=64 - ATI TV-Wonder VE
card=65 - Lifeview FlyVideo 2000S LR90
card=66 - Terratec TValueRadio
card=67 - IODATA GV-BCTV4/PCI
card=68 - 3Dfx VoodooTV FM (Euro), VoodooTV 200 (USA)
card=69 - Active Imaging AIMMS
card=70 - Prolink Pixelview PV-BT878P+ (Rev.4C)
card=71 - Lifeview FlyVideo 98EZ (capture only) LR51
card=72 - Prolink Pixelview PV-BT878P+9B (PlayTV Pro rev.9B FM+NICAM)
card=73 - Sensoray 311
card=74 - RemoteVision MX (RV605)
card=75 - Powercolor MTV878/ MTV878R/ MTV878F
card=76 - Canopus WinDVR PCI (COMPAQ Presario 3524JP, 5112JP)

card=77 - GrandTec Multi Capture Card (Bt878)
card=78 - Jetway TV/Capture JW-TV878-FBK, Kworld KW-TV878RF
card=79 - DSP Design TCVIDEO
card=80 - Hauppauge WinTV PVR

Write down this number.

Find your tuner type:

Tuner number

type=0 - Temic PAL (4002 FH5)
type=1 - Philips PAL_I (FI1246 and compatibles)
type=2 - Philips NTSC (FI1236 and compatibles)
type=3 - Philips (SECAM+PAL_BG) (FI1216MF, FM1216MF, FR1216MF)
type=4 - NoTuner
type=5 - Philips PAL_BG (FI1216 and compatibles)
type=6 - Temic NTSC (4032 FY5)
type=7 - Temic PAL_I (4062 FY5)
type=8 - Temic NTSC (4036 FY5)
type=9 - Alps HSBH1
type=10 - Alps TSBE1
type=11 - Alps TSBB5
type=12 - Alps TSBE5
type=13 - Alps TSBC5
type=14 - Temic PAL_BG (4006FH5)
type=15 - Alps TSCH6
type=16 - Temic PAL_DK (4016 FY5)
type=17 - Philips NTSC_M (MK2)
type=18 - Temic PAL_I (4066 FY5)
type=19 - Temic PAL* auto (4006 FN5)
type=20 - Temic PAL_BG (4009 FR5) or PAL_I (4069 FR5)
type=21 - Temic NTSC (4039 FR5)
type=22 - Temic PAL/SECAM multi (4046 FM5)
type=23 - Philips PAL_DK (FI1256 and compatibles)
type=24 - Philips PAL/SECAM multi (FQ1216ME)
type=25 - LG PAL_I+FM (TAPC-I001D)
type=26 - LG PAL_I (TAPC-I701D)
type=27 - LG NTSC+FM (TPI8NSR01F)
type=28 - LG PAL_BG+FM (TPI8PSB01D)
type=29 - LG PAL_BG (TPI8PSB11D)
type=30 - Temic PAL* auto + FM (4009 FN5)
type=31 - SHARP NTSC_JP (2U5JF5540)
type=32 - Samsung PAL TCPM9091PD27
type=33 - MT2032 universal
type=34 - Temic PAL_BG (4106 FH5)
type=35 - Temic PAL_DK/SECAM_L (4012 FY5)
type=36 - Temic NTSC (4136 FY5)
type=37 - LG PAL (newer TAPC series)
type=38 - Philips PAL/SECAM multi (FM1216ME MK3)
type=39 - LG NTSC (newer TAPC series)

There is also a radio number but I am not sure where there is a complete list of cards and radio numbers, although you can try here.
http://www.linuxquestions.org/hcl/index.php?cat=120

Now depending on weather your system uses a 2.4.x or 2.6.x kernel we need to change either the /etc/modules.conf (2.4.x) or /etc/modprobe.conf (2.6.x)

Open your favorite text editor as root and open /etc/?correct from above? and add the following subsittuting the card=(your card number) tuner=(your tuner number) and radio=(your radio number)

#TV Card
alias char-major-89 i2c-dev
alias char-major-81 bttv
options bttv card=78 tuner=32 radio=1

Save and exit.

Now restart your computer and install your favorite tv viewing program for example Xawtv or Tvtime and enjoy.

I hope this helps someone.

How to configure LCD/TFT Monitor

2006-05-17T21:10:00.000-07:00

LCD/TFT Monitor Configuration in X.Org
**DISCLAIMER**

I only have one monitor to test this with. The results back have been mixed so far from others. If there is nothing wrong with your display, please don't go mucking about with your .fonts.conf file (at least, back it up first). If you do have problems with your LCD display, then this is a good bet to try. If you have any success or failure, please do report this back, and changes, if any, that you made to your .fonts.conf file and any other file (perhaps /etc/X11/xorg.conf?) Comments, corrections and thoughts are always welcome.

This may well also work with XFree86 > 3.3, since they use the same font configuration files as this. Older versions have a non-XML font configuration setup ( I don't know when the switch over was made though), and I will *not* cover this.

Contents

1) Prologue
2) Introduction
3) Thanks
4) What You'll Need
5) Physical Setup
6) Settings
7) Thoughts
Non TrueType fonts
Gtk/qt
8) Appendix A
9) Bibliography

1. Prologue

The scenario: On 10th November 2004, my Sony CPD-210EST 17" CRT monitor reached the end of its life. At 11:13am (GMT) 11th November, it was declared DOA. In its place, since no one really sells decent CRT monitors any more, I replaced it with a Hyundai Q17+ 17" LCD/TFT monitor.

2. Introduction

LCD/TFTs display fonts very differently to a CRT. If you have a distribution that can deal with this all, then great. If not, with default settings on X.Org/Freetype, the results for fonts are painful to say the least. This is further compounded by the fact that all the 'helpful' HOWTOs out there are badly out of date, referring to ancient versions of the now defunct XFree86. Whilst there are a few sites out there with bits of information, no one site has put together a workable solution specifically for an LCD on a modern distribution.

This exists, therefore, to show the naysayers that they're wrong, and that you _can_ enjoy nice looking fonts in Linux.

(Please note, this is _not_ an exhaustive HOWTO, and it is _not_ a HOWTO about .fonts.conf (please see my Bibliography for a site detailing the tags available in .fonts.conf. This HOWTO is only about configuring an LCD and what works best for one))

3. Thanks

Transformer, The ? For blowing up on my last monitor and leading me to an LCD.
synaptical ? First person to report back that my .fonts.conf actually worked elsewhere!
J.W. - Suggested that I actually write this up on LQ.org

4. What You'll Need

Your favorite text editor (not vi, obviously =:-P)
X.Org (or a later edition of XFree86 >3.3? Not tested on XFree86 though)
An LCD/TFT monitor (obviously! I haven't tested this on laptops, but I'm told it does make a difference)

5. Physical Setup

?It's alive!?

(I humbly apologize in advance for this section, but better safe than sorry.)

Plug up your LCD. Where possible, use the DVI-D (i.e. The digital, not analogue VGA) connector. Then, ensure the viewing angle of your LCD is correct. Play around with it until you are happy.

6. Settings

?Treachery, faith and the X server?

As far as I know, there is no special configuration of X needed for an LCD monitor. Just create the necessary entry for a monitor in /etc/X11/xorg.conf with the correct refresh rates as normal and enjoy (the monitor may even be able to give you these, mine does.) I won't cover this in any more detail, as it's pretty standard and covered better elsewhere.

X will also detect the correct sub-pixel alignment, so you don't need to deal with that either.

?Damned, dirty fonts?

The real problems begins with font rendering in X. If you are switching over on your machine from a CRT to an LCD, I can guarantee that what is facing you at first sight will be unpleasant to say the least.

Of course, this isn't down to X, as in all modern X servers from X.Org (and the later ones from XFree86) Freetype is responsible for all font rendering (any other modules loaded in your /etc/X11/xorg.conf for font rendering are anachronisms: they are no longer used, and X tells you they don't exist.) Therefore, we need to throw everything that Freetype has against these fonts to cure this.

If you're using KDE or GNOME, you'll find they have tools for doing what I'm going to describe. However, I would recommend _against_ using them. I've found their attempts and generating and editing a .fonts.conf file to be dubious to say the least. It is much more preferable to edit the file yourself, and since it is now done through a well defined XML file, this isn't as bad as it once appeared to be (judging from some of those ancient HOWTOs).

Crank up your editor and load ~/.fonts.conf.

If it exists: Just add these sections to it, inside the tags.
If it doesn't exist: Use my .fonts.conf from Appendix A as your .fonts.conf and edit as necessary. I have annotated the file, and you can also easily follow my instructions below (but all these sections are already in my example file)

The steps are:

1. Ensure that the sub pixel order is _not_ specified.

This goes against everything that all the other HOWTOs put together say, but there is yet method in my madness.

X knows the sub pixel order already, and if this is enabled as well, Freetype produces some very strange results. However, if you do still have problems, consider replacing 'none' with 'rgb' (the standard for LCD monitors), 'bgr' (unusual), 'vrgb' (vertical rgb, if you have a monitor that has been rotated by 90 degrees[1]), 'vgbr' (as vrgb, but very rare).

none

2. Enable sub-pixel hinting

This is what really starts to make the difference. Visit http://grc.com/ctwhat.htm for the technical explanation of why we're doing all of this.

true

3. Set the hinting amount.

Usually, this should be full. Valid options are 'none', 'hintslight', 'hintmedium' and 'hintfull' which should be fairly self explanatory if you've read the article at the link above.

hintfull

4. Enable anti aliasing

This makes the fonts start to look nice, but some of the shapes will be distorted, so we need the Freetype autohinter.

true

5. Enable the Freetype autohinter

Autohinter is not turned on automatically. Only disable this if you have recompiled Freetype with the bytecode interpreter, which is run automatically.

Although to be honest, Freetype are right, and the autohinter is actually better. Note that OpenOffice.org binaries from the OOo website are built against the bytecode interpreter, so even if you have compiled Freetype with the bytecode interpreter and override it with the autohinter, OOo will still use the bytecode interpreter.

true

6. Testing

Just load any application up, and the changes should be immediately obvious (I used Mozilla Firefox, by opening and closing it after every tweak of .fonts.conf, I was able to see the changes immediately).

7. Make changes system wide

If you like your users (however ungrateful they may be), you can apply these changes system wide, using /etc/fonts/local.conf

If it exists, just append the sections you added above to it.
If it doesn't, use your .fonts.conf as /etc/fonts/local.conf, and edit it as necessary

(The order of precedence for processing is /etc/fonts/fonts.conf (automatically generated, don't edit it), /etc/fonts/local.conf then ~/.fonts.conf - meaning your local .fonts.conf will always override the system settings).

7. Thoughts

Non TrueType fonts

Non TrueType fonts don't render well on LCDs as they don't support anti aliasing. For these fonts (e.g. Helvetica), it is recommended that you specify an alternative TrueType font (that is hopefully similar, but it doesn't have to be!) to use instead (in this case, whatever the default sans-serif font on the system is):

Helvetica

sans-serif

You can easily reuse this for other fonts. Just copy and paste, then replace 'Helvetica' with the font to replace, and 'sans-serif' with the font you want to replace it with (or you can use the generic descriptions 'serif', 'sans-serif' or 'monospace').

Gtk/qt

Some programs (usually older ones) using these libraries may not always use anti aliased fonts, even if you've specified them in .fonts.conf. This can fixed by:

Gtk: Add the following to /etc/profile:
export GDK_USE_XFT='1'

qt: In ~/.qt/qtrc, ensure the following entry is present under [General]:
enableXft=true
useXft=true

Programs coded using Gtk 1.x don't appear to support anti aliasing properly ? you may want to consider replacing them with ones that use Gtk 2.x (e.g. Replacing XMMS with its Gtk2 fork, Beep Media Player)

8. Appendix A

The following is my .fonts.conf file. Just drop it into your home directory, load up a program and compare it to your already running ones. If the results are good enough, then you can add the contents of this file to /etc/fonts/local.conf (if it doesn't exist, just create the file with the .fonts.conf. If it does, copy what you need inside the tags) to override the settings for all your users, and save them from having to figure this out.

If it doesn't work, then I have annotated the file to indicate what you might need to change.

How To Track Bandwidth Usage with RTG

2006-05-17T21:06:00.000-07:00

I?d like to monitor bandwidth usage. What should I use?

If you?re interested in monitoring bandwidth and have done a little research, you probably have run across MRTG, RRDtool, and Cricket. While these three packages are all fantastic and popular tools, you should also consider a lesser known tool named RTG. (Learn about all of your options, and then choose the utility that best suits your needs.) As of this writing, the current version of RTG, which is available from http://rtg.sourceforge.net and is licensed under the GPL, is 0.7.4.

Designed for enterprises and service providers that need to collect time-series SNMP data from a large number of targets, RTG is a flexible, scalable, high-performance SNMP statistics monitoring system. All collected data is inserted into a relational database that provides a common interface for applications to generate complex queries and reports. Currently the only officially supported database is MySQL, but PostgreSQL support is available in CVS.
Written in C, RTG runs as a multi-threaded daemon, making it extremely lightweight and fast. Unlike tools such as MRTG, it does no data averaging. The up-side to this is that you can get information from arbitrary time intervals and get exact information suitable for billing. The downside is that, as time goes on, you have more and more data to store (MRTG data files never grow due to the data consolidation algorithm it uses).
Installation is the usual ./configure && make && make install. You?ll need the MySQL libraries, often called mysql-devel by distributions, and Net-SNMP libraries to perform the install. After the make install is complete, run the included script to create the necessary MySQL database, tables, and user.

$ /usr/local/rtg/etc/createdb mysql_root_password

Now that the database is setup, add any routers you want to monitor to /usr/local/rtg/etc/routers. The format is device:community:bits, where device is the DNS name or IP address of the device you?d like to monitor, community is the SNMP community name, and bits is an optional parameter to allow you to change the default behavior of using 32-bit SNMP counters. After you?ve entered each device on its own line, run /usr/local/rtg/etc/rtgtargmkr.pl, which creates a targets.cfg file.
You are now ready to run the RTG poller:

$ /usr/local/rtg/bin/rtgpoll ?v ?t /usr/local/rtg/etc/targets.cfg

If the poller fails to find a configuration file, it creates one named rtg.conf in the current directory. (You may need to edit this file if your installation is non-standard.) By default, rtgpoll stays in the foreground. Once you have everything configured and working correctly, add the appropriate line to run rtgpoll in the background to your startup scripts.
Now that you have the poller running, take a look at the data. RTG provides a variety of web scripts to display the information. Additionally, since the data is simply stored in the database, you are free to write a script in your preferred language to present the data in a way that? most useful to you.
For this article, let?s assume that you already have a PHP-enabled web server running. First, copy the included scripts to a directory accessible from your web server.

# cp /usr/local/rtg/web/* /var/www/html/rtg/
# cp /usr/local/rtg/bin/rtgplot /var/www/html/rtg/rtgplot.cgi

You can now view Interactive Reports at http:// your_machine /rtg/rtg.php; 95th percentile queries at http:// your_machine /rtg/95.php; and MRTG-style overview and daily, weekly, and monthly plots at http:// your_machine /rtg/view.php.
You can also call rtgplot.cgi directly by passing in the appropriate parameters.
Additionally, RTG provides a command-line Perl script that yields plain, text reports. For instance, typing $./report.pl customername 01/01/2005 01/02/2005
generates a report like that shown in Figure One.

FIGURE ONE: The output of RTG?s reporting script

customername Traffic
Period: [01/01/2005 00:00:00 to 01/03/2005 00:00:00]

In Out Avg In Avg Out Util Util Max In Max Out Max Ut Max Ut
Connection MBytes MBytes Mbps Mbps In % Out% Mbps Mbps In% Out%
----------------------------------------------------------------------------------------------------------
Ethernet0/1 x.x.x.x 106 212 0.08 0.16 0.80 1.60 0.70 0.90 7.00 14.20

Total: 106 212 0.08 0.16 0.80 1.60 0.70 0.90 7.00 14.20

By using the included scripts and leveraging the ability to write your own custom scripts, RTG will quickly and easily allow you to not only monitor bandwidth usage, but also setup billing scripts, trigger alerts based on custom monitoring thresholds and almost anything else you can imagine.

Live CD Clustering Using ParallelKnoppix

2006-05-17T21:04:00.000-07:00

If you’ve run across Beowulf or another cluster implementation, but thought that assembling your own cluster was either too complicated or too resource-intensive, cheer up! Given five minutes, a specialized, live Linux distribution called ParallelKnoppix, and a handful of ordinary personal computers, you too can build your very own mini-mini-mini-supercomputer.
ParallelKnoppix, a remaster of the Knoppix (http://www.knoppix.org/) live CD distribution, allows you to construct a parallel processing cluster using off-the-shelf desktops, laptops, and servers, and the LAM-MPI and/or MPICH implementations of the Message Passing Interface (and PVM). Moreover, because ParallelKnoppix is a live CD, you can convert a room full of machines — even those running Windows — into a Linux cluster without affecting the natively-installed operating system. Getting a cluster up and running takes about five minutes if all of your machines have PXE network cards. Clusters from two to 200 machines are supported.
Download, Burn, Boot
The first thing to do is download the ParallelKnoppix ISO image from http://pareto.uab.es/mcreel/ParallelKnoppix/ and burn one CD for each computer you’d like to include in the cluster. Next, boot one of the machines you’ll be using with the CD. (Keep in mind that you’ll need at least one Linux accessible partition on this machine. If the machine in question only has NTFS partitions, you can use a USB drive formatted as FAT32 to gain the needed space.) The machine should follow the normal Knoppix boot sequence.
Once the machine is booted, select ParallelKnoppix –> Setup ParallelKnoppix from the KDE menu to start the configuration script. Once in the configuration script, click OK to start the Terminal Server. The next dialog box will ask you how many nodes will be in the cluster, including the master node you’re using at the moment. Next, you’ll be asked to select all of the network drivers needed for the cluster. To simplify things, ensure that each slave machine is setup to PXE boot. While it’s possible to work around this, it complicates the setup and is beyond the scope of this article.
The next screen gives you a couple of cluster options. Keep the default of textmode and do not check the secure box. (See the sidebar “ParallelKnoppix Precautions.”) Next, provide additional boot options, if any. (You can normally leave this blank.)
ParallelKnoppix Precautions
ParallelKnoppix is an extremely insecure distribution. It is not intended for desktop or server use; instead, ParallelKnoppix is designed to be easy-to-use in an environment that can be restored quickly if any disaster occurs.
It’s highly recommended that you run ParallelKnoppix and your entire cluster on a dedicated network that is disconnected from the Internet.
You’re now ready to start the terminal server and are at the point where you’ll need a read/write mountable partition. Select the partition you’d like to use and click OK. A working directory with the name parallel_knoppix_working is created and exported by NFS. Anything you want to be accessible to the cluster should be placed in this directory.
Slaving Away
Now it’s time to boot each of your slaves. Once you’re sure all of the slave node machines are booted, click OK to have them mount the working directory. You should now have a working Linux cluster.
The ParallelKnoppix ISO has some example cluster applications in /home/knoppix/Desktop/ParallelKnoppix/Examples. To run one of them, copy the entire subdirectory (for example, /Octave/) into your working directory. From there, each example should have a README that explains how to run the program on the cluster. One great thing about being a Knoppix derivative is that fact that you can further remaster ParallelKnoppix to suit your needs, which could include your own custom application and data.
With this article and a couple ParallelKnoppix discs, you should be able to have a Linux cluster up and running in no time. This is a great way to get your feet wet with clustering or to prototype your next custom clustering application. Make sure not to forget about the inherent insecurities in this setup. Have fun and enjoy the rocket science.

How to secure your inbox

2006-05-17T21:03:00.000-07:00

Not too long ago, email was a wonderful thing. It provided a fast and easy method to communicate with family, friends, and co-workers, regardless of timezone or location. Unfortunately, due to spam and viruses, many people now find email almost unusable.
Spam

The first item on the agenda is eliminating spam. Spam, or unsolicited commercial email (UCE), is not only a nuisance, it's a productivity killer.

SpamAssassin (SA), which is distributed under the same license as Perl, helps put an end to this problem. Using its rule base, SA performs a wide range of heuristic tests on email headers and body text to identify and score spam. SA can also use blacklists and optional modules such as Razor, Pyzor, and a built-in Bayesian filter that learns new spam characteristics.

One of SpamAssassin's greatest assets is its flexibility. You can install SA in a wide variety of configurations, from a local install in your home directory (on a machine where you do not have root access), to a system-wide install that affects all users. You can also configure SA to allow each individual user to set their own rules, thresholds, and settings. And, because SpamAssassin tags messages by adding additional headers, it allows you to control what happens to each message.

To install SA, do the following as root:

# perl ?MCPAN ?e shell
cpan> install Mail::SpamAssassin

Alternatively, if you don't have root access, you can download the source from http://www.spamassassin.org and do the following after unpacking the tarball:

% cd Mail-SpamAssassin-*
% perl Makefile.PL PREFIX=~/sausr
SYSCONFDIR=~/saetc; make; make install

After you install SA, look at the configuration file called local.cf. This file allows you to whitelist certain addresses, tweak rules, add custom rules, enable/disable specific tests, and change a variety of other options.

You can also choose how you'd like to integrate SA into your MTA (if site-wide), or how you'd like to process your mail with SA (local install). SA works well with sendmail, qmail, PostFix, Exim, and most others. It can even be called via procmail, milter, AMaViS, MIMEDefang, or QMAILQUEUE.

If you installed SA in your home directory, you can put the following two rules in your procmailrc file to run SA on your mail and sort spam into a folder named caughtspam:

:0fw: spamassassin.lock
/home/user/sausr/bin/spamassassin
:0:
* ^X-Spam-Status: Yes
caughtspam

While running SpamAssassin as above is fine for small setups, most large or system-wide configurations should consider running spamd/spamc, which improves performance by avoiding the overhead of starting Perl for each message.

Viruses

You may be thinking, "I use Linux, why do I need a virus scanner?" While it's true that not many viruses have targeted Linux, as Linux's popularity grows, it's likely that the number of viruses will increase. Beyond that, many people who run a Linux machine may have a mail server setup for a few friends and family. Some of these users likely use an operating system that is more prone to viruses. By scanning for viruses, you're not only doing them a favor, but are helping stop the spreading of viruses. After all, if everyone had an up-to-date virus scanner, the outbreaks that we've come to accept would be much less common.

Luckily, there is a free GPLed virus scanner called ClamAV (available from http://clamav.sourceforge.net/) that keeps updated definitions. Like SpamAssassin, ClamAV can be run in both system-wide and local configurations, and allows easy integration with many MTAs. It can also be called via procmail, milter, AMaViS, MIMEDefang, or QMAILQUEUE, and allows you to either reject or quarantine infected messages.

As ClamAV integration can be quite specific to your environment, specific installation and configuration instructions are beyond the scope of this article, but the install is the standard ./configure && make && make install. After installation, become acquainted with the configuration file clamav. conf, and choose between using clamscan or clamd/clamdscan. ClamAV also comes with freshclam. It can be run as a daemon or via cron to keep virus definitions up-to-date.

Linux need Antivirus or not

2006-05-07T21:00:00.000-07:00

Beginner's Questions - Do I need antivirus protection when I use Linux?

In the sense that you would run an additional program on your Linux system
to help protect your system against viruses, no. There are very few viruses
that affect Linux systems. The design of Linux and the commonly used
applications make viruses for Linux much harder to write. The most common
ways for viruses to spread are designed out of a Linux environment.

It is still possible for a Linux system to be "owned" by an attacker, they
just use security holes to attack your computer, rather than trying to get
you to execute a program for them. I had it happen to me several years ago.
I was running a program that had a design flaw that could be remotely
exploited, and I didn't know it. When such flaws are discovered in Linux
programs, they are fixed as soon as possible, but there is no such thing as
a "perfect" system. Any sufficiently complex system has flaws, and Linux is
sufficiently complex :-).

"Security is a process, not a product" is a common saying in the security
community. Some things you can do to improve security on your Linux system:

Stay caught up on security related patches for your Linux system. All of the
Linux distributions that I am familiar with offer a way to automatically be
notified when new security patches are available for your system. You should
install such security patches as soon as they are available. The time from
the publication of a security flaw to first exploit is a matter of hours in
some cases.
Use good passwords (composed of mixed case and symbols, not just lower case
letters, no dictionary words).
Turn off any processes that you don't need. How do you know if you need a
process? That takes quite a bit of research, but most Linux distributions
start out with as few processes running as they can, and require you to take
extra steps to turn on additional processes when you need them.
Use a firewall, either as a separate box between your computer(s) and the
internet or running on your computer(s). Linux has very good firewall
capabilities (look for documentation on "iptables" for current versions of
the Linux kernel). The goal of a firewall is to block most attempted attacks
before they even get to the processes running on your computer.
There are several security-related howto's at The Linux Documentation
Project http://tldp.org.

Ironically, many people who use Linux systems as file servers for Microsoft
Windows systems run a virus checker on their Linux systems. However, the
virus checker is looking for viruses that affect Microsoft Windows systems,
not Linux viruses.

Check out some AntiVirus software -

www.pandasoftware.com/download/linux/linux.asp

www.clamav.net/

free.grisoft.com

_________________________________________________________________
Get MARRIED the SMART Way! Join Shaadi.com-FREE!
http://www.shaadi.com/ptnr.php?ptnr=msnhottag

How to take backup of Inbox

2006-05-06T02:22:00.000-07:00

Take Back Your Inbox

Not too long ago, email was a wonderful thing. It provided a fast and easy method to communicate with family, friends, and co-workers, regardless of timezone or location. Unfortunately, due to spam and viruses, many people now find email almost unusable. In this month's Tech Support, let's take back that inbox.

Spam

The first item on the agenda is eliminating spam. Spam, or unsolicited commercial email (UCE), is not only a nuisance, it's a productivity killer.

SpamAssassin (SA), which is distributed under the same license as Perl, helps put an end to this problem. Using its rule base, SA performs a wide range of heuristic tests on email headers and body text to identify and score spam. SA can also use blacklists and optional modules such as Razor, Pyzor, and a built-in Bayesian filter that learns new spam characteristics.

One of SpamAssassin's greatest assets is its flexibility. You can install SA in a wide variety of configurations, from a local install in your home directory (on a machine where you do not have root access), to a system-wide install that affects all users. You can also configure SA to allow each individual user to set their own rules, thresholds, and settings. And, because SpamAssassin tags messages by adding additional headers, it allows you to control what happens to each message.

To install SA, do the following as root:
`# perl �MCPAN �e shell cpan> install Mail::SpamAssassin`
Alternatively, if you don't have root access, you can download the source from http://www.spamassassin.org and do the following after unpacking the tarball:
`% cd Mail-SpamAssassin-* % perl Makefile.PL PREFIX=~/sausr SYSCONFDIR=~/saetc; make; make install`
After you install SA, look at the configuration file called local.cf. This file allows you to whitelist certain addresses, tweak rules, add custom rules, enable/disable specific tests, and change a variety of other options.

You can also choose how you'd like to integrate SA into your MTA (if site-wide), or how you'd like to process your mail with SA (local install). SA works well with sendmail, qmail, PostFix, Exim, and most others. It can even be called via procmail, milter, AMaViS, MIMEDefang, or QMAILQUEUE.

If you installed SA in your home directory, you can put the following two rules in your procmailrc file to run SA on your mail and sort spam into a folder named caughtspam:
`:0fw: spamassassin.lock | /home/user/sausr/bin/spamassassin :0: * ^X-Spam-Status: Yes caughtspam`
While running SpamAssassin as above is fine for small setups, most large or system-wide configurations should consider running spamd/spamc, which improves performance by avoiding the overhead of starting Perl for each message.

Viruses

You may be thinking, "I use Linux, why do I need a virus scanner?" While it's true that not many viruses have targeted Linux, as Linux's popularity grows, it's likely that the number of viruses will increase. Beyond that, many people who run a Linux machine may have a mail server setup for a few friends and family. Some of these users likely use an operating system that is more prone to viruses. By scanning for viruses, you're not only doing them a favor, but are helping stop the spreading of viruses. After all, if everyone had an up-to-date virus scanner, the outbreaks that we've come to accept would be much less common.

Luckily, there is a free GPLed virus scanner called ClamAV (available from http://clamav.sourceforge.net/) that keeps updated definitions. Like SpamAssassin, ClamAV can be run in both system-wide and local configurations, and allows easy integration with many MTAs. It can also be called via procmail, milter, AMaViS, MIMEDefang, or QMAILQUEUE, and allows you to either reject or quarantine infected messages.

As ClamAV integration can be quite specific to your environment, specific installation and configuration instructions are beyond the scope of this article, but the install is the standard ./configure && make && make install. After installation, become acquainted with the configuration file clamav. conf, and choose between using clamscan or clamd/clamdscan. ClamAV also comes with freshclam. It can be run as a daemon or via cron to keep virus definitions up-to-date.

Fast Compilation

2006-05-06T02:21:00.000-07:00

Faster and Faster Compilation

Perl and Python may be popular scripting languages, but a great deal of software � including the Linux kernel and Samba, among many others, is still written in C and C++. Accordingly, a wide variety of tools are available to boost C/C++ programmer productivity. This month, let's explore ccache and distcc, two C/C++ tools that take different approaches to saving time. Both tools were written by members of the Samba team and are licensed under the GNU Public License.

Written by Andrew Tridgell and available from http://ccache.samba.org, ccache is a compiler cache. It acts as a caching pre-processor to C/C++ compilers, using the -E compiler switch and a hash to detect when a compilation can be satisfied from cache. Incorporating ccache into your builds should result in in a five to ten-fold increase in speed. You'll gain the most from ccache if you�re continually having to rebuild the same source tree (via make clean && make) or if you perform a lot of RPM rebuilds. ccache produces exactly the same output that the real compiler produces, including the same object files and the same compiler warnings. The only difference is that ccache is faster.

Installing ccache is the typical ./configure && make && make install. Once installed, there are two ways to use ccache. First, you can prefix your compile commands with ccache. For example, changie the CC=gcc line in your Makefile to CC=ccache gcc. Use this method if you'd like to test ccache or if you only plan to use it for some projects.
Alternatively, you can create a symbolic link to ccache from the names of your compilers, which allows you to use ccache without any changes to your build system. Make sure that the symlink appears in your PATH before the actual compiler.

While ccache uses caching to speed up compilation, distcc achieves its speed increase by distributing builds across several machines on a network. Like ccache, distcc always generates the same results as a local build. Written by Martin Pool, distcc is available from http://distcc.samba.org. distcc works by sending each job�s preprocessed source code across the network. It doesn't do any of the actual code compilation itself, it's just a frontend for gcc that utilizes the -j parallel build feature of make. Compilation is driven by a client machine, which runs distcc, make, the preprocessor, the linker, and other stages of the build process. The job is then distributed to any number of machines running the distccd daemon. One nice thing about distcc is that it scales nearly linearly, at least for a small number of machines, so you do not need a lot of hardware to see a benefit.

Installation of distcc is also the normal ./configure && make && make install. Install distcc on every machine that you want to distribute compilation jobs to. After installation, run distccd on each machine as follows:

$ distccd --daemon --allow 192.168.1.0/24

Replace 192.168.1.0/24 with the IP address and CIDR mask of the machines that should be allowed to connect. You're now ready to distribute compiles. First, add the name of the machines you'd like to harness into the DISCC_HOSTS environment variable:

$ export DISTCC_HOSTS="localhost dev1 dev2 dev3"

Always put the machines in order from fastest to slowest, and if you�re using a large number of machines, (you can opt to) omit "localhost" from the list, allowing it to focus on preprocessing. You can now build over the distributed system using the following command:

$ make -j8 CC=distcc

Why 8? As a rule, double the number of CPU�s in the build system and use that number for -j. You may be thinking that it'd be great if these tools worked together, allowing you to cache what could be cached and distributing the rest. You�ll be happy to find out that the tools are completely compatible. Even better, getting the tools to work together is extremely easy. To do so, simply set the CCACHE_PREFIX environment variable to distcc, as in export CCACHE_PREFIX="distcc".

Using ccache and distcc, either separately or together, can save you a large amount of time during tedious rebuilds. Hopefully, it's enough time for a latte.

First task of Linux system administrator

2006-05-06T02:16:00.000-07:00

Linux System Administration: First Tasks

Linux system administration has a place of its own in the hierarchy of information technology specializations. Some people excel in special areas of free software technology but haven't needed to learn system administration. For example, you may specialize in configuring e-mail or writing applications using Apache and MySQL. You may focus only on Domain Names Services and know esoteric ways of setting up servers on provider lines that frequently change IP addresses. But if I asked you to babysit a busy server or servers, you might not have the temperament or have learned the plethora of skills required to do so.

The above does not mean that good system administrators do not excel in areas such as configuring Apache, maintaining DNS zone files or writing Perl Scripts. It simply means that if you want to work as a system administrator in the Linux world, you need to know how to do everything from installing a server to securing the filesystem from mischievous crackers on the Internet. In between, you need to prepare your system to recover from the myriad ways a server can fail.

Consider, for example, a case in which you find that one of the Web sites you manage has gone down; the server has locked up and nothing works. How do you recover in the fastest possible way? Such an event happened to me two weeks ago. One of my articles wound up on Slashdot.org, Digg.com, NewsForge and other sites at the same time. None of my colleagues had seen that much traffic on a Linux site before. Aside from the several million hits on our server, we had a quarter of a million unique visitors concentrated in a five-hour period.

When you see that kind of traffic, you don't want the server to go down or you'll miss new readers. In our situation, a reboot allowed the system to return to service for a few minutes, but then it locked up again. Normally, we used less than ten percent of our system resources, so we thought we had prepared for the hottest day of the year.

Knowing the server and all the running processes, we could shut some down and focus on allowing a massive increase in simultaneous connections to our database. Although we have several thousand subscribers, we turned off processes such as those that restricted comments to registered readers. In the end, we made it through the day with only a short period of down time. But the surge of traffic rocked our boats.

Service outages such as the one described above can happen in the confines of a private network. Many services experience peak usage at specific times. For example, administrators know that one of the heaviest loads they'll have during the day occurs first thing in the morning, when people check their e-mail. People arrive at work about the same time, crank up their e-mail clients and read mail while drinking coffee.

The mail server might experience 75% of its use between 8 and 10 AM. Gateway traffic also increases and bandwidth on the network bogs down. Should you provide separate dedicated servers for mail, routing, proxy and gateway services? The majority of IT shops do that.

What if those computers averaged only 10% of CPU and memory capacity during the course of the day, but required 75% of resources for only a couple of hours a day, five days a week? Rather than buying individual computers, vendors have started recommending higher capacity machines and creating virtual severs.

You might want to configure a little larger metal to provide virtual machines for e-mail and related applications. Then, using Xen for example, you could let each application run in its own space. In that case, you might find server capacity utilization running around 50%, which helps maximize your resources and reduces server sprawl.

A system administrator should know how to climb a learning curve quickly. If a new technology arrives, such as virtualization, you need to master it before it masters you. You also need to know how to apply it in your environment.

What kinds of tasks occupy a system administrators day? That depends on the environment in which he or she works. You may find yourself managing dozens or even hundreds of Web servers. In contrast, you might find yourself running a local area network that supports knowledge workers and/or developers.

Regardless of your environment, you will find that some tasks are common to all system administration functions. For example, monitoring system services and starting and stopping them takes on a role of its own. Your Linux box might appear to be running smoothly while one or more processes have stopped. A Linux server might seem happy on the outside, for example, while the database serving Web pages has failed.

When services to users become critical needs, you need to be prepared and stay ahead of problems. Imagine a failed printing job is locking up a queue, keeping users from getting their documents printed. Do you wait to do something until you hear from irate users, or do you have a way to stay ahead of the problem?

Most system administrators have to face the fact that something will happen at some point that causes down time. Such events usually occur outside of our control. Perhaps your system incurs a power outage or spike. Sometimes a system bug pops up due to a combination of factors that exist only on your server; it's something that never occurred during project testing. In reality, sysadmins never know when a problem will occur; they only know that eventually one will arise.

Administrators need to monitor their systems in an efficient and effective manner. To this end, many administrators have discovered a plethora of monitoring and alert tools within the Free Software community. Some require you to log into a remote system by SSH and run command-line tools such as pstree, lsof, dstat and chkconfig.

Another useful monitoring tool is Checkservice, which provides the status of services on (remote) hosts. It provides results by way of logs, a PHP status page or output to other tools. Some administrators like tiger, which performs a thorough check of a system and reports the results to a log file. You can find a list and explanation of tools for Debian here.

When you have to monitor a larger server farm and do not want to spend all your time logging into remote servers and running command-line tests, look for free software tools you can use with a browser. I like a tool called monit. This monitoring and alert system works on a number of Linux-type systems. Monit provides a system administrator with the ability to define, manage and monitor processes, the filesystem and even devices. You also can configure monit to restart processes if they fail.

Stanford University keeps an updated list of network monitoring tools and sponsors a working group called the Internet End-to-End Performance Monitoring Group. Be sure to check out the latest tools at the top of the Stanford list. Cacti, for example, has become one of the more popular tools among system administrators.

Professional Linux system administration requires you to know a broad number of tasks associated with networking and providing services to users. It takes a special breed of person to work in this capacity. Obviously, many people have both the character and the interest to do the job. Over the next few months, we will explore the tasks that make up Linux system administration. I hope you'll join me for the ride.

Monitor Hard Drive usage

2006-05-04T01:56:00.000-07:00

Monitoring Harddrive usage automatically

If you're maintaining a lot of server's with multiple hard-drives you'll need to know how to manage and watch your harddrives. You know it's getting full or needs cleaning before it's too late and your users can't complete their work because they're out of disk-space. Nothing is worse than franticly trying to reclaim disk-space because you ran out of it. This guide will hopefully aide you in a time-savinf manner.

First of all: check the usage of your hard-drive(s)!


$>df  -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 4.4G 3.4G 764M 82%  /
/dev/hda1 14G 4.5G 9.3G 33% /mnt/win32

As you can see my hda3 is at 82%. With the help of scripts you can have this task done at given times, and get an e-mail notification if the percentage of used disk-space reaches a certain threshold.

First we will make a basic bash script that will report if any paritions are over 80%.


#!/bin/bash
df | egrep  "(100%|[89][0-9]%)"

The egrep statement will match any usage between 80% and 100%.

Now let's do this as a timed event:
Type crontab -e to start an empty file where you can add all your cron jobs. (for more info type man 5 crontab)

Now to make a basic cron job that will run everyday at 10p.m..


0 22 * * * df | egrep  "(100%|[89][0-9]%)"

The first number, 0, indicates the minute, the second, 22, is the hour that your job is supposed to run at. The next three *'s are day of month, the month, and day of week respectively.

Finally to have this cron job email you if any of your partition's are filled 80% or more you just add the mail command, like so:


0 22 * *  * df | egrep "(100%|[89][0-9]%)" | mail -s "Warning..."   you@emailaddr.com

The -s is for subject and you@emailaddr.com will be replaced by your email address.

HOWTO install NVIDIA drivers on Linux

2006-05-04T01:54:00.000-07:00

HOWTO install NVIDIA drivers on FC3

I had one heck of a time installing the nVidia drivers on my system, so I thought I would post the steps that worked for me, so others could be spared the pain. I got these instructions from several sources. For the record, these instructions worked on a GeForce 4 MX440 and a GeForce FX5200. They were performed on a clean install of FC 3, and all actions were performed as root. The latest nVidia driver(NVIDIA-Linux-x86-1.0-6629-pkg1.run) was used. I have an AMD Sempron 2600. These instructions will not work unless you have the development packages installed. It has been reported that these instructions do not work on TNT2 cards. However, I have heard there is a work around, but I'm not sure what it is.
Do not type the quotes around the command line commands. These are only there to separate what is to be typed from the rest of the instructions.

READ AND PRINT OUT THIS PAGE BEFORE STARTING

1)Download the latest nVidia drivers to a directory of your choice

2)Edit the /etc/inittab manually using a text editor. Change the line that reads "id:5:initdefault:" to read "id:3:initdefault:" . Certain tutorials will instruct you to use the telinit 3, init 3, or even runinit 3 command. These commands didn't work for me, though. However, they may work for other people.

3)Reboot your system. You will end up in a command prompt environment. DO NOT PANIC. This is what it is supposed to do. Use the "cd" command to move to the directory you downloaded the driver to. For example, if you downloaded the driver to the /root/ folder, then run the command "cd /root/".

4)Now type "sh NVIDIA-Linux-x86-1.0-6629-pkg1.run".

5)Accept the license agreement. Now it will probably say that it could not find the kernel source. You can allow the installation program to look for the source online, but it won't work unless the servers are updated. Now it will say that it needs to compile its own kernel. Please allow it to do so. This is the part of the installation were the development tools are required.

6)Now run the command "cd /etc/X11"

7)Next type "vim xorg.conf". This opens the text editor. Use the arrow keys to move the cursor. Press the Insert key, and on the bottom, either "INSERT" or "REPLACE" will be shown. If INSERT is selected, then when you type the text you types will be inserted before the selected character. If replace is selected, then what you type will replace the selected character(s). Look for a line that reads "Driver "nv"", or "Driver "vega"". Change it to read "Driver "nvidia"". Now go scroll up until you get to "Section "Module"". Make sure that one of the lines between"Section "Module"" and "EndSection" says "Load "glx"". If the lines "Load "dri"" or "Load "GLcore" are present, then comment them out by placing a # at the beginning of the line.

8) To exit and save changes, push esc. Now type ":wq" and hit enter. If you mess up you can quit without saving by hitting esc and then typing ":q!".

9)Now that you are back to command prompt, type "rpm -e --nodeps xorg-x11-Mesa-libGL"
NOTE: If you update "xorg-x11" package with up2date or yum, you will have to do the above command again.

10)Now run "modprobe nvidia"

11)Now run "cp -a /dev/nvidia* /etc/udev/devices
Allow it to overwrite what is there.

12)Now run "chown root.root /etc/udev/devices/nvidia*"

13) Almost there, all that's left is to edit /etc/inittab back to what it was. To do this, type "cd /etc/". Now type "vim inittab" . Change the "3" back to a "5".

14)Reboot by hitting ctl-alt-delete

15)You're done!!!

I hope this helps a lot of people, feedback and more information is certainly welcome.
A special thanks to perfect_circle for helping me with this. Also, parts of this tutorial were taken from http://www.fedoraforum.org/forum/showthread.php?t=26260

How to configure sound card on linux

2006-05-04T01:51:00.000-07:00

Basic sound card hardware debuging

This article is meant to explain how to troubleshoot hardware in linux, more or less based on how to troubleshoot a soundcard.
The person should know how to open a console, and how to run commands as root, and not be afraid to compile the kernel. Compilling the kernel is outside the scope of this document.

1. What is the hardware?
You must know, before attempting to troubleshoot your hardware, the name of you hardware. Is it a USB? PCI? These are very important to know!
A lot of information can be gained by typing /sbin/lspci and /sbin/lsusb . Make sure your hardware is well pluged in and installed.

2. Is it working out of the box?
Does the hardware work out of the box? Have you tried rebooting? Some distro autoconfigure themselves to work with the devices they detect at bootup time. Plugging in a device doesn't automatically mean it'll work immediately, but sometimes it does.

Read More

3. Still doesn't work? Lets troubleshoot.
Assuming you have rebooted, the card is well installed, lets go on troubleshooting.

First step: syslog!
A lot of errors are caught and reported to syslog. Depending on your distribution, your log may (or may not) be located at /var/log/messages, /var/log/dmesg, /var/log/syslog... etc etc... please consult whatever reference manual is available with your distribution.

The command you should run as root will be cat /var/log/messages | less or perhaps cat /var/log/messages | tail.
Less will show you the date in a scrollable way and tail will post the last messages of dmesg.

These error messages are important to you, and to us. We need to know what the error messages are and the specs of your hardware at LQ if you want us to help you optimally, if this article is not sufficient, or you can't find the solution by yourself.

If you see there is an IRQ error, you will need to play with the IRQ settings in your BIOS. To enter the BIOS, you will need to press F1, F2, ESC, or similar keys at the first splash screen of your system to get into the BIOS. This, however, is tricky for inexperienced users. For the other users, you may go right ahead and modify it. How to fix IRQ problems is outside the scope of this document.

If there isn't anything that's obvious that pops out at you while reading the syslog or dmesg messages. Lets go on to the next steps.

4. Is it a classic error? Permission, module loaded, card in use, muted, external amplifier?
The most classic error is the permission denied error, IMHO.
To quickly test out whether root can access the sound card or not, test the card (To test a card, type cat /dev/urandom > /dev/dsp, type CTRL+C to stop the action.
) as root. If it works, congratulations! You are closer to making your soundcard work. If you can also test it as a normal user, you should have no problem making the sound card work.

type these commands:

ls -l /dev/dsp
ls -l /dev/audio
ls -l /dev/mixer

The owners, user would naturally be root, and the group (on some distros) "audio".
In that case, using any available GUI tool, add your user to the audio group. or using the console, type gpasswd -a user audio . You will need to relogin for the group change to make effect.

If the permissions read this : rwx------, or didn't permit "group" or "users" to read and write. Then we have a permission issue.
As root, type chmod 660 /dev/dsp or chmod 666 /dev/dsp . do that for /dev/audio and /dev/mixer too.
You can change the user and group by typing chown root:audio /dev/dsp . Change /dev/dsp for the name of the device.

If /dev/dsp doesn't exist, it's probably because your modules aren't loaded properly. Assuming the drivers are modules, and not built in the kernel, you can know whether they are loaded by typing /sbin/lsmod . If you aren't sure what modules are needed for your soundcard.... google it... http://www.google.com

If they aren't loaded, load them using modprobe or insmod... like this, as root :
modprobe atiixp

The module name will vary.

If it is loaded... we move on to the other classical error.

If the card is in use... it's in use! You can know who uses it by typing /sbin/fuser /dev/dsp.
You can also restart the alsa service using the commands provided to you by your distro.
(gentoo: /etc/init.d/alsasound restart)
(Mandrake: service alsa restart)

You may type alsamixer, to look and modify the mixer's settings. Make sure the master's volume is high enough to hear, and not muted (having "MM" below it's bar). Use the arrow keys to raise and lower the volume. Use M to unmute and mute. Use left and right to move from one bar to the other. Make sure that PCM is high enough and not muted. If you have something called external amplifier, unmuted it.

5. Testing
To test a card, type cat /dev/urandom > /dev/dsp, type CTRL+C to stop the action.

How to SSL - Encryption

2006-05-04T01:48:00.000-07:00

SSL-Encrypting Syslog via Stunnel

SSL Encrypting Syslog with Stunnel

Abstract

In this paper, I describe how to encrypt syslog messages on the network. Encryption is vital to keep the confidential content of syslog messages secure. I describe the overall approach and provide an HOWTO do it with the help of rsyslogd and stunnel.

Background

Syslog is a clear-text protocol. That means anyone with a sniffer can have a peek at your data. In some environments, this is no problem at all. In others, it is a huge setback, probably even preventing deployment of syslog solutions. Thankfully, there is an easy way to encrypt syslog communication. I will describe one approach in this paper.

The most straightforward solution would be that the syslogd itself encrypts messages. Unfortunately, encryption is only standardized in RFC 3195. But there is currently no syslogd that implements RFC 3195's encryption features, so this route leads to nothing. Another approach would be to use vendor- or project-specific syslog extensions. There are a few around, but the problem here is that they have compatibility issues. However, there is one surprisingly easy and interoperable solution: though not standardized, many vendors and projects implement plain tcp syslog. In a nutshell, plain tcp syslog is a mode where standard syslog messages are transmitted via tcp and records are separated by newline characters. This mode is supported by all major syslogd's (both on Linux/Unix and Windows) as well as log sources (for example, EventReporter for Windows Event Log forwarding). Plain tcp syslog offers reliability, but it does not offer encryption in itself. However, since it operates on a tcp stream, it is now easy to add encryption. There are various ways to do that. In this paper, I will describe how it is done with stunnel (an other alternative would be IPSec, for example).

Stunnel is open source and it is available both for Unix/Linux and Windows. It provides a way to use ssl communication for any non-ssl aware client and server - in this case, our syslogd.

Stunnel works much like a wrapper. Both on the client and on the server machine, tunnel portals are created. The non-ssl aware client and server software is configured to not directly talk to the remote partner, but to the local (s)tunnel portal instead. Stunnel, in turn, takes the data received from the client, encrypts it via ssl, sends it to the remote tunnel portal and that remote portal sends it to the recipient process on the remote machine. The transfer to the portals is done via unencrypted communication. As such, it is vital that the portal and the respective program that is talking to it are on the same machine, otherwise data would travel partly unencrypted. Tunneling, as done by stunnel, requires connection oriented communication. This is why you need to use tcp-based syslog. As a side-note, you can also encrypt a plain-text RFC 3195 session via stunnel, though this definitely is not what the protocol designers had on their mind ;)

In the rest of this document, I assume that you use rsyslog on both the client and the server. For the samples, I use Debian. Interestingly, there are some annoying differences between stunnel implementations. For example, on Debian a comment line starts with a semicolon (';'). On Red Hat, it starts with a hash sign ('#'). So you need to watch out for subtle issues when setting up your system.

Overall System Setup

In this paper, I assume two machines, one named client and the other named server. It is obvious that, in practice, you will probably have multiple clients but only one server. Syslog traffic shall be transmitted via stunnel over the network. Port 60514 is to be used for that purpose. The machines are set up as follows:

Client

rsyslog forwards message to stunnel local portal at port 61514
local stunnel forwards data via the network to port 60514 to its remote peer

Server

stunnel listens on port 60514 to connections from its client peers
all connections are forwarded to the locally-running rsyslog listening at port 61514

Setting up the system

For Debian, you need the stunnel4 package. The stunnel package is the older 3.x release, which will not support the configuration I describe below. Other distributions might have other names. For example, on Red Hat it is just stunnel. Make sure that you install the appropriate package on both the client and the server. It is also a good idea to check if there are updates for either stunnel or openssl (which stunnel uses) - there are often security fixes available and often the latest fixes are not included in the default package.

In my sample setup, I use only the bare minimum of options. For example, I do not make the server check client certificates. Also, I do not talk much about certificates at all. If you intend to really secure your system, you should probably learn about certificates and how to manage and deploy them. This is beyond the scope of this paper. For additional information, http://www.stunnel.org/faq/certs.html is a good starting point.

You also need to install rsyslogd on both machines. Do this before starting with the configuration. You should also familiarize yourself with its configuration file syntax, so that you know which actions you can trigger with it. Rsyslogd can work as a drop-in replacement for stock sysklogd. So if you know the standard syslog.conf syntax, you do not need to learn any more to follow this paper.

Server Setup

At the server, you need to have a digital certificate. That certificate enables SSL operation, as it provides the necessary crypto keys being used to secure the connection. Many versions of stunnel come with a default certificate, often found in /etc/stunnel/stunnel.pem. If you have it, it is good for testing only. If you use it in production, it is very easy to break into your secure channel as everybody is able to get hold of your private key. I didn't find an stunnel.pem on my Debian machine. I guess the Debian folks removed it because of its insecurity.

You can create your own certificate with a simple openssl tool - you need to do it if you have none and I highly recommend to create one in any case. To create it, cd to /etc/stunnel and type:

Quote:

openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem

That command will ask you a number of questions. Provide some answer for them. If you are unsure, read http://www.stunnel.org/faq/certs.html. After the command has finished, you should have a usable stunnel.pem in your working directory.

Next is to create a configuration file for stunnel. It will direct stunnel what to do. You can used the following basic file:

Quote:


; Certificate/key is needed in  server mode
cert = /etc/stunnel/stunnel.pem

; Some debugging stuff useful for  troubleshooting
debug = 7

foreground=yes
[syslog]
accept  = 60514
connect = 61514

Save this file to e.g. /etc/stunnel/syslog-server.conf. Please note that the settings in italics are for debugging only. They run stunnel with a lot of debug information in the foreground. This is very valuable while you setup the system - and very useless once everything works well. So be sure to remove these lines when going to production.

Finally, you need to start the stunnel daemon. Under Debian, this is done via stunnel /etc/stunnel/syslog.server.conf. If you have enabled the debug settings, you will immediately see a lot of nice messages.

Now you have stunnel running, but it obviously unable to talk to rsyslog - because it is not yet running. If not already done, configure it so that it does everything you want. If in doubt, you can simply copy /etc/syslog.conf to /etc/rsyslog.conf and you probably have what you want. The really important thing in rsyslogd configuration is that you must make it listen to tcp port 61514 (remember: this is where stunnel send the messages to). Thankfully, this is easy to achieve: just add -t 61514 to the rsyslogd startup options in your system startup script. After done so, start (or restart) rsyslogd.

The server should now be fully operational.

Client Setup

The client setup is simpler. Most importantly, you do not need a certificate (of course, you can use one if you would like to authenticate the client, but this is beyond the scope of this paper). So the basic thing you need to do is create the stunnel configuration file.

Quote:


; Some debugging stuff useful for  troubleshooting
debug = 7
foreground=yes

client=yes

[ssyslog]
accept =  127.0.0.1:61514
connect = 192.0.2.1:60514

Again, the text in italics is for debugging purposes only. I suggest you leave it in during your initial testing and then remove it. The most important difference to the server configuration outlined above is the client=yes directive. It is what makes this stunnel behave like a client. The accept directive binds stunnel only to the local host, so that it is protected from receiving messages from the network (somebody might fake to be the local sender). The address 192.0.2.1 is the address of the server machine. You must change it to match your configuration. Save this file to /etc/stunnel/syslog-client.conf.

Then, start stunnel via stunnel4 /etc/stunnel/syslog-client.conf. Now you should see some startup messages. If no errors appear, you have a running client stunnel instance.

Finally, you need to tell rsyslogd to send data to the remote host. In stock syslogd, you do this via the @host forwarding directive. The same works with rsyslog, but it supports extensions to use tcp. Add the following line to your /etc/rsyslog.conf:

Quote:

*.* @@127.0.0.1:61514

Please note the double at-sign (@@). This is no typo. It tells rsyslog to use tcp instead of udp delivery. In this sample, all messages are forwarded to the remote host. Obviously, you may want to limit this via the usual rsyslog.conf settings (if in doubt, use man rsyslog.con).

You do not need to add any special startup settings to rsyslog on the client. Start or restart rsyslog so that the new configuration setting takes place.

Done

After following these steps, you should have a working secure syslog forwarding system. To verify, you can type logger test or a similar smart command on the client. It should show up in the respective server log file. If you dig out you sniffer, you should see that the traffic on the wire is actually protected. In the configuration use above, the two stunnel endpoints should be quite chatty, so that you can follow the action going on on your system.

If you have only basic security needs, you can probably just remove the debug settings and take the rest of the configuration to production. If you are security-sensitive, you should have a look at the various stunnel settings that help you further secure the system.

Preventing Systems from talking directly to the rsyslog Server

It is possible that remote systems (or attackers) talk to the rsyslog server by directly connecting to its port 61514. Currently (Jule of 2005), rsyslog does not offer the ability to bind to the local host, only. This feature is planned, but as long as it is missing, rsyslog must be protected via a firewall. This can easily be done via e.g iptables. Just be sure not to forget it.

Conclusion

With minimal effort, you can set up a secure logging infrastructure employing ssl encrypted syslog message transmission. As a side note, you also have the benefit of reliable tcp delivery which is far less prone to message loss than udp.

tar and rpm

2006-05-04T01:44:00.000-07:00

Install a package
rpm ivh packagename
upgrade a package
rpm Uvh packagename

create a tar file
tar cvf myfiles.tar mydir/
(add z if you are dealing with or creating .tgz (.tar.gz) files)

standard install from source
tar xvzf Apackage.tar.gz
cd Apackage
./configure
make
make install

List of LDAP vendors

2006-04-25T05:42:00.000-07:00

Supporting vendors

LDAP has gained wide support from vendors such as:

* Apache (through Apache Directory Server)
* Apple (through Open Directory/OpenLDAP)
* AT&T
* Avaya (through Directory Enabled Management)
* Banyan
* Critical Path
* eB2Bcom (through View500)
* Fedora Directory Server
* Hewlett-Packard
* Identyx
* IBM/Lotus
* ISODE (through M-Vault server)
* Microsoft (through Active Directory)
* Netscape (now in Sun Microsystems and Red Hat products)
* Novell (through eDirectory)
* OctetString (through VDE server)
* Oracle (through Oracle Internet Directory)
* Radiant Logic (through RadiantOne Virtual Directory Server)
* Red Hat Directory Server
* Siemens AG (through DirX server)
* SGI and
* Sun (through the iPlanet and Sun ONE directory servers)
* Symlabs (through Directory Extender)

What is LDAP

2006-04-25T05:40:00.000-07:00

Lightweight Directory Access Protocol

In computer networking, the Lightweight Directory Access Protocol, or LDAP, is a networking protocol for querying and modifying directory services running over TCP/IP. An LDAP directory usually follows the X.500 model: It is a tree of entries, each of which consists of a set of named attributes with values. While some services use a more complicated "forest" model, the vast majority use a simple starting point for their database organization.
Read More

An LDAP directory often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the most simple levels of the hierarchy. Further into the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry, or multiple entries.

Its current version is LDAPv3, as defined in RFC 3377.
Contents
[hide]

* 1 Origin and influences
* 2 Protocol overview
* 3 Directory structure
* 4 Operations
o 4.1 Bind (authenticate)
o 4.2 Start TLS
o 4.3 Search and Compare
o 4.4 Update operations
o 4.5 Extended operations
o 4.6 Abandon
o 4.7 Unbind
* 5 LDAP URLs
* 6 Schema
* 7 Variations
* 8 Other data models
* 9 Terminology
* 10 Supporting vendors
o 10.1 LDAP implementations
* 11 References
* 12 See also
* 13 External links
o 13.1 LDAP fora
o 13.2 RFCs

//

Origin and influences

LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services. X.500 directory services were traditionally accessed via the X.500 Directory Access Protocol, or DAP, which required the cumbersome Open Systems Interconnection (OSI) protocol stack. With LDAP, a client could access these directory services through a LDAP-to-DAP gateway. The gateway would translate LDAP requests to DAP requests and DAP responses to LDAP. This model of directory access was borrowed from DIXIE and the Directory Assistance Service.

Standalone LDAP directory servers soon followed, as did directory servers supporting both DAP and LDAP. The former has become popular in enterprises as they removed any need to deploy an OSI network. Today, X.500 directory protocols including DAP can be also used directly over TCP/IP.

The protocol was originally created by Tim Howes of the University of Michigan, Steve Kille of ISODE and Wengyik Yeong of Performance Systems International, circa 1993. Further development has been done via the Internet Engineering Task Force (IETF). It is noted that in the early engineering stages of LDAP, it was known as Lightweight Directory Browsing Protocol or LDBP. It was renamed as the scope of the protocol was expanded to not only include directory browsing functions (e.g., search) but also directory update functions (e.g., modify).

LDAP has influenced subsequent Internet protocols, including later versions of X.500, XML Enabled Directory (XED), Directory Services Markup Language (DSML), Service Provisioning Markup Language (SPML), and the Service Location Protocol (SLP).

Protocol overview

A client starts an LDAP session by connecting to an LDAP server, by default on TCP port 389. The client then sends operation requests to the server, and the server sends responses in return. With some exceptions the client need not wait for a response before sending the next request, and the server may then send the responses in any order.

The basic operations are, in order:

* Bind - authenticate, and specify LDAP protocol version,
* Start TLS - protect the connection with Transport Layer Security (TLS), to have a more secure connection,
o Search - search for and/or retrieve directory entries,
o Compare - test if a named entry contains a given attribute value,
o Add a new entry,
o Delete an entry,
o Modify an entry,
o Modify DN - move or rename an entry,
o Abandon - abort a previous request,
o Extended Operation - generic operation used to define other operations,
* Unbind - close the connection, not the inverse of Bind.

In addition the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before it times out a connection.

LDAP is defined in terms of ASN.1, and protocol messages are encoded in the binary format BER. It uses textual representations for a number of ASN.1 fields/types, however.

Directory structure

The protocol accesses LDAP directories, which follow the X.500 model:

A directory is a tree of directory entries.
An entry consists of a set of attributes.
An attribute has a name (an attribute type or attribute description) and one or more values.
The attributes are defined in a schema (see below).

Each entry has an unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN) constructed from some attribute(s) in the entry, followed by the parent entry's DN. Think of the DN as a full filename and the RDN as a relative filename in a folder.

Be aware that a DN may change over the lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, an UUID is provided in the set of the entry's operational attributes.

An entry can look like this when represented in LDIF format (LDAP itself is a binary protocol):

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 555 6789
telephoneNumber: +1 555 1234
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

dn is the name of the entry; it's not an attribute nor part of the entry. "cn=John Doe" is the entry's RDN, and "dc=example,dc=com" is the DN of the parent entry. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, and "mail" for e-mail address.

A server holds a subtree starting from a specific entry, e.g. "dc=example,dc=com" and its children. Servers may also hold references to other servers, so an attempt to access "ou=Some department,dc=example,dc=com" could return a referral or continuation reference to a server which holds that part of the directory tree. The client can then contact the other server. Some servers also support chaining, which means the server contacts the other server and returns the results to the client.

LDAP rarely defines any ordering: The server may return the values in an attribute, the attributes in an entry, and the entries found by a search operation in any order.

Operations

The client gives each request a positive Message ID, and the server response has the same Message ID. The response includes a numeric result code indicating success, some error condition or some other special cases. Before the response, the server may send other messages with other result data - for example each entry found by the Search operation is returned in such a message.

Bind (authenticate)

The Bind operation authenticates the client to the server. Simple Bind sends the user's DN and password - in cleartext, so the connection should be protected using Transport Layer Security (TLS). The server typically checks the password against the userPassword attribute in the named entry. Anonymous Bind (with empty DN and password) resets the connection to anonymous state.. SASL (Simple Authentication and Security Layer) Bind provides authentication services through a wide-range of mechanisms, e.g. Kerberos or the client certificate sent with TLS.

Bind also sets the LDAP protocol version. Normally clients should use LDAPv3, which is the default in the protocol but not always in LDAP libraries.

Start TLS

The Start TLS operation establishes Transport Layer Security (the descendant of SSL) on the connection. That can provide data confidentiality protection (hide the data) and/or data integrity protection (protect from tampering). During TLS negotiation the server sends its X.509 certificate to prove its identity. The client may also send a certificate to prove its identity. After doing so, the client may then use SASL/EXTERNAL to have this identity used in determining the identity used in making LDAP authorization decisions.

Servers also often support the non-standard "LDAPS" ("Secure LDAP", commonly known as "LDAP over SSL") protocol on a separate port, by default 636. The LDAPS differs from LDAP in two ways: 1) upon connect, the client and server establish TLS before any LDAP messages are transferred (without a Start TLS operation) and 2) the LDAPS connection must be closed upon TLS closure.

Search and Compare

The Search operation is used to both search for and read entries. Its parameters are:

* baseObject - the DN (Distinguished Name) of the entry at which to start the search,
* scope - baseObject (search just the named entry, typically used to read one entry), singleLevel (entries immediately below the base DN), or wholeSubtree (the entire subtree starting at the base DN).
* filter - how to examine each entry in the scope. E.g. (&(objectClass=person)(|(givenName=John)(mail=john*))) - search for persons who either have given name John or an e-mail address starting with john.
* derefAliases - whether and how to follow alias entries (entries which refer to other entries),
* attributes - which attributes to return in result entries.
* sizeLimit, timeLimit - max number of entries, and max search time.
* typesOnly - return attribute types only, not attribute values.

The server returns the matching entries and maybe continuation references (in any order), followed by the final result with the result code.

The Compare operation takes a DN, an attribute name and an attribute value, and checks if the named entry contains that attribute with that value.

Update operations

Add, Delete, Modify and Modify DN all require the DN of the entry to change.

Modify takes a list of attributes to modify and the modifications to each: Delete the attribute or some values, add new values, or replace the current values with the new ones.

Add operations also can have additional attributes and values for those values.

Modify DN (move/rename entry) takes the new RDN (Relative Distinguished Name), optionally the new parent's DN, and a flag which says whether to delete the value(s) in the entry which match the old RDN. The server may support renaming of entire directory subtrees.

An update operation is atomic: Other operations will see either the new entry or the old one. On the other hand, LDAP does not define transactions of multiple operations: If you read an entry and then modify it, another client may have updated the entry in the mean time. Servers may implement extensions which support this, however.

Extended operations

The Extended Operation is a generic LDAP operation which can be used to define new operations. Examples include the Cancel, Password Modify and Start TLS operations.

Abandon

The Abandon operation requests that the server aborts an operation named by a message ID. The server need not honor the request. Unfortunately neither Abandon nor a successfully abandoned operation send a response. A similar Cancel extended operation has therefore been defined which does send responses, but not all implementations support this.

Unbind

The Unbind operation abandons any outstanding operations and closes the connection. It has no response. The name is of historical origin: It is not the opposite of the Bind operation.

Clients can abort a session by simply closing the connection, but they should use Unbind. Otherwise the server cannot tell the difference between a failed network connection (or a truncation attack) and a discourteous client.

LDAP URLs

An LDAP URL format exists which clients support in varying degree, and which servers return in referrals and continuation references:
"ldap://host:port/DN?attributes?scope?filter?extensions"
where most components after "ldap://" can be omitted.

scope can be "base" (the default), "one" or "sub".
attributes is a comma-separated list of attributes to retrieve.
extensions are extensions to the LDAP URL format.
As in other URLs, special characters must be escaped with %hex format.

There is a similar non-standard "ldaps:" URL scheme for LDAP over SSL.

For example, "ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com" refers to all user attributes in John Doe's entry in ldap.example.com. "ldap:///dc=example,dc=com??sub?(givenName=John)" searches for him in the default server.

Schema

The contents of the entries in a subtree is governed by a schema.

The schema defines the attribute types that directory entries can contain.
An attribute definition includes a syntax, and most non-binary values in LDAPv3 use UTF-8 string syntax. For example, a "mail" attribute might contain the value "user@example.com". A "jpegPhoto" attribute would contain photograph(s) in binary JPEG/JFIF format. A "member" attribute contains the DNs of other directory entries.
Attribute definitions also include whether the attribute is single-valued or multi-valued, how to search/compare the attribute (e.g. case-sensitive vs. case-insensitive and whether substring matching is supported), etc.

The schema defines object classes. Each entry must have an objectClass attribute, containing named classes defined in the schema. They describe what kind of object an entry represents - e.g. a person, organization or domain. They also say which attributes the entry may contain, and which ones it must contain.

The schema also includes various other information controlling directory entries.

Most schema elements have a name and a globally unique Object identifier (OID).

Server administrators can define their own schemas in addition to the standard ones. Schemas for representing individual people within organizations are termed white pages schema.

Variations

A lot of the server operation is left to the implementor or administrator to decide. Accordingly, servers may be set up to support a wide variety of scenarios.

For example, data storage in the server is not specified - the server may use flat files, databases, or just be a gateway to some other server. Access control is not standardized, though there has been work on it and there are commonly used models. Users' passwords may be stored in their entries or elsewhere. The server may refuse to perform operations when it wishes, and impose various limits.

Most parts of LDAP are extensible. Examples: One can define new operations. Controls may modify requests and responses, e.g. to request sorted search results. New search scopes and Bind methods can be defined. Attributes can have options that may modify their semantics.

Extensions should be defined so that implementations which do not recognize them can handle them gracefully, but this is not always done. Still, a lot of work has been done since LDAP was invented to improve interoperability between different implementations.

Other data models

As LDAP has gained momentum, vendors have provided it as an access protocol to other services. The implementation then recasts the data to mimic the LDAP/X.500 model, but how closely this model is followed varies. For example, there is software to access SQL databases through LDAP, even though LDAP does not readily lend itself to this. X.500 servers may support LDAP as well.

Similarly, data which were previously held in other types of data stores are sometimes moved to LDAP directories. For example, Unix user and group information can be stored in LDAP and accessed via PAM and NSS modules. LDAP is often used by other services for authentication.

Terminology

Beware: The LDAP terminology one can encounter is quite a mess. Some of this is due to misunderstandings, other examples are due to its historical origins, others arise when used with non-X.500 services that use different terminology.

For example, "LDAP" is sometimes used to refer to the protocol, other times to the protocol and the data. A "LDAP directory" may be the data or also the access point. An "attribute" may be the attribute type, or the contents of an attribute in a directory, or an attribute description (an attribute type with options). An "anonymous" and an "unauthenticated" Bind are different Bind methods that both produce anonymous authentication state, so both terms are being used for both variants. The "uid" attribute should hold user names rather than numeric user IDs.

Life Keeper

2006-04-23T02:51:00.000-07:00

What is fault resilience?
SteelEye uses the term fault-resilient to describe a computing environment where servers can failover to other servers. Specifically, the term identifies environments where other servers take over for failed servers or failed applications providing up to 99.99% availability for systems and applications. Fault Resilience differs from Fault Tolerance in that Fault Resilience provides for a certain amount of accepted downtime during the failover process - generally an average of no more than 53 minutes a year. LifeKeeper provides fault resilience for Linux environments by enabling other servers in a cluster to take over for failed servers or failed applications.

Does LifeKeeper require dedicated hot back-up servers?
No. LifeKeeper supports an active-active server configuration. This configuration eliminates the need for extra servers dedicated for hot backup and allows clients and applications to failover to other production servers in the cluster.

What kinds of applications can LifeKeeper support?
LifeKeeper is an ideal fit for mission-critical applications. LifeKeeper can support most applications running in the Linux environment, including e-mail, databases, printers, application servers and Web servers.

Do applications need to be modified for use with LifeKeeper?
No. Depending on the type of application, the location of certain data that needs to be protected, will be denoted in LifeKeeper configuration guidelines. For example, if LifeKeeper protects the Sendmail application, the e-mail accounts database and mail spool directories would be stored on a shared device.

Can LifeKeeper protect applications from a single point of failure?
Yes. LifeKeeper eliminates a single point of failure for applications by enabling applications to failover to other servers in the cluster. This functionality not only minimizes the risk of a single point of failure, but also allows Linux systems to meet the stringent availability requirements of mission-critical operations by creating a fault resilient environment.

What is the impact on users when an application fails over to another server in the cluster?
The switchover that occurs, if an event creates an interruption in a server or application's availability, is transparent to end-users. LifeKeeper migrates all applications and transfers connectivity in such a way that clients have continuous access to applications and data. However, in configurations where a very large database application fails over, users may notice a few seconds of non-connectivity.

How many systems are required in a basic LifeKeeper configuration?
The minimum number of systems in a LifeKeeper configuration is two.

How much memory is required for each system in a LifeKeeper configuration?
The minimum amount of memory required for a LifeKeeper configuration is 32 MB, but 48 MB is recommended.

how to configure ntp

2006-04-20T22:47:00.000-07:00

Really it's as simple as adding the time server to /etc/ntp.conf and to /etc/ntp/step-tickers:

/etc/ntp.conf:

server 192.168.0.5
server 192.168.0.6

/etc/ntp/step-tickers
192.168.0.5
192.168.0.6

Then of course make sure that ntp will start at boot time:
chkconfig --level 2345 ntpd on
chkconfig --list ntpd

And let's start the service now:
service ntpd start

how to create samba user

2006-04-20T03:08:00.000-07:00

Hello All,

To create samba user..you should be root or sudo user.

1. First create a local user.

e.g.

$adduser abc

$passwd abc

(give the password.)

2. Then add that user in samba.

$smbpasswd -a abc

(Give the same password which you given in first stage.)

Thats it!

How to extend rootvg on aix

2006-04-17T09:00:00.000-07:00

Purpose

Adds physical volumes to a volume group.
Syntax

extendvg [ -f ] VolumeGroup PhysicalVolume ...
Description

The extendvg command increases the size of the VolumeGroup by adding one or more PhysicalVolumes.

The physical volume is checked to verify that it is not already in another volume group. If the system believes the physical volume belongs to a volume group that is varied on, it exits. But if the system detects a description area from a volume group that is not varied on, it prompts the user for confirmation in continuing with the command. The previous contents of the physical volume are lost, so the user must be cautious when using the override function.

Note: To use this command, you must either have root user authority or be a member of the system group.

You can use the Web-based System Manager Volumes application (wsm lvm fast path) to run this command. You could also use the System Management Interface Tool (SMIT) smit extendvg fast path to run this command.
Flags
-f Forces the physical volume to be added to the specified volume group unless it is a member of another volume group in the Device Configuration Database or of a volume group that is active.
Examples

To add physical volumes hdisk3 and hdisk8 to volume group vg3, enter:

extendvg rootvg hdisk3 hdisk8

Note: The volume group must be varied on before extending.

Files
/usr/sbin/extendvg Contains the extendvg command.

Using Crontab

2006-04-14T07:30:00.000-07:00

cron is a utility that you can use to schedule and automate tasks. By defining items in the cron table, called crontab, you can schedule any script or program to run on almost any sort of schedule.

For example, run a program each day 5 minutes after midnight on mondays, wednesdays and fridays. Or schedule something to run every five minutes, or once a month.
Read More

Basics

Each user has their own crontab, the scheduled scripts run as that user take this in account with regards to permissions. To edit the crontab use the following command:
$ crontab -e

You can list what your currnet crontab is using the following command:

$ crontab -l

Crontab Format
The following is the format entries in a crontab must be. Note all lines starting with # are ignored, comments.

# MIN HOUR MDAY MON DOW COMMAND
5 * * * * echo 'Hello'

MIN Minute 0-60
HOUR Hour [24-hour clock] 0-23
MDAY Day of Month 1-31
MON Month 1-12 OR jan,feb,mar,apr ...
DOW Day of Week 0-6 OR
sun,mon,tue,wed,thu,fri,sat
COMMAND Command to be run Any valid command-line

Examples

Here are a few examples, to see what some entries look like.

#Run command at 7:00am each weekday [mon-fri]
00 07 * * 1-5 mail_pager.script 'Wake Up'

#Run command on 1st of each month, at 5:30pm
30 17 1 * * pay_rent.script

#Run command at 8:00am,10:00am and 2:00pm every day
00 8,10,14 * * * do_something.script

#Run command every 5 minutes during market hours
*/5 6-13 * * mon-fri get_stock_quote.script

#Run command every 3-hours while awake
0 7-23/3 * * * drink_water.script

Special Characters in Crontab

You can use an asterisk in any category to mean for every item, such as every day or every month.

You can use commas in any category to specify multiple values. For example: mon,wed,fri

You can use dashes to specify ranges. For example: mon-fri, or 9-17

You can use forward slash to specify a repeating range. For example: */5 for every five minutes, hours, days
Special Entries

There are several special entries, some which are just shortcuts, that you can use instead of specifying the full cron entry.

The most useful of these is probably @reboot which allows you to run a command each time the computer gets reboot. This could be useful if you want to start up a server or daemon under a particular user, or if you do not have access to the rc.d/init.d files.
Example Usage:
# restart freevo servers
@reboot freevo webserver start
@reboot freevo recordserver start

The complete list:

Entry Description Equivalent To
@reboot Run once, at startup. None
@yearly Run once a year 0 0 1 1 *
@annually (same as @yearly) 0 0 1 1 *
@monthly Run once a month 0 0 1 * *
@weekly Run once a week 0 0 * * 0
@daily Run once a day 0 0 * * *
@midnight (same as @daily) 0 0 * * *
@hourly Run once an hour 0 * * * *

Miscelleanous Issues

Script Output
If there is any output from your script or command it will be sent to that user's e-mail account, on that box. Using the default mailer which must be setup properly.

You can set the variable MAILTO in the crontab to specify a separate e-mail address to use. For example:

MAILTO="admin@mydomain.com"

Missed Schedule Time
Cron does not run a command if it was missed. Your computer must be running for cron to run the job at the time it is scheduled. For example, if you have a 1:00am scheduled job and your computer was off at that time, it will not run the missed job in the morning when you turn it on.

Linux Job Scheduling

2006-04-14T07:24:00.000-07:00

How I learned to stop worrying and love the Cron.

Today, in our ongoing series on learning to live with Linux's ``inner dæmons'', we are going to look at two dæmons that schedule job execution on Linux. These dæmons are more or less exactly like those found on virtually every UNIX out there. (Linux has separate dæmons for at and cron. Old versions of Linux used a program called ``atrun'', which was run in root's crontab once a minute to execute at requests. Some other Unix operating systems have atd functionality directly in crond. This qualifier brought to you by the bureau of auctorial honesty. This article will cover atd and crond as they are distributed with most currently sold distributions, including Debian 2.1, Red Hat, SuSE and Corel, among others.) My test cases were all carried out on a Red Hat 6.1 installation using version 3.1.7 of at. Debian and SuSE versions I currently have are at 3.1.8.
Read More

As for cron, most Linux distributions use ``Vixie cron'' which was originally written, as you might guess, by Paul Vixie. The distributions have each done their own fixes to address a security hole discovered in August 1999. Check your distribution's update page for the most recent version of cron, and make sure you have it installed.

What you think about at and cron will largely depend on what your background is. If you are familiar with only the DOS and Windows world, you should be fairly impressed with what atd and crond offer, even if you have made use of the System Agent, which has certain similarities to crond. If you are an old hand from the world of MIS where you had JCL and various batch environment control systems, you will probably find atd and crond lacking in some essential features. Even so, I hope you will come away from this introduction with a healthy appreciation for what these tools do offer, and perhaps a few ideas about how, even with their limitations, they significantly enhance Linux's capabilities.

People with a mainframe background are very familiar with the concept of job scheduling. They usually use this term interchangably with batch processing. Alas, job scheduling is not batch processing. Batch processing, to my mind at least, includes the concepts of job dependencies, batch process monitoring, checkpoint/restart and recoverability. Neither atd nor crond provides these facilities. If you come from the world of big iron, you may be feeling some disappointment. Don't. As you will see, atd and crond fit in well with the overall UNIX philosophy of simple tools that do one thing well.

If you are coming from a Windows/DOS perspective, you should be pleased by the multi-user nature of atd and crond. Unlike System Agent, you do not have to be logged in for your jobs to be carried out.

If you have a UNIX background, well, you are amongst old friends here.

For those totally unfamiliar with these concepts, what we are talking about is running programs. So what, you say? I log in and type commands and click on little icons. I run programs all day. What's the big deal?

What about having programs run at a certain time of the day, whether you are there or not? What about compiling the latest version of WINE on a busy Linux server when it won't slow down the branch office Intranet? What about that annoying log file the on-line order application spits out that is about to eat up all the free disk space on /usr/prod/orders?

This is where job scheduling comes into play.

There are two kinds of scheduled jobs. You can think of them as ``one shot'' and ``repeating''. One-shot jobs are single executions of programs you want to have take place at some future time, whether or not you are logged in. Repeating jobs are programs you want to have run at certain times or dates, over and over again.

The command you use to schedule one-shot jobs is called ``at''. The way to schedule repeating jobs is through a ``crontab'' (which is a portmanteau word made from CRON TABle, similar to INITtialization TABle and other *nix-y portmanteau words). Oddly enough, the command used to view, edit and store crontabs is called ``crontab''.

Unlike some of the other dæmons we have covered in this series, these two have interactive user programs that control them. Because of this, we will cover the basics of using these two dæmons as a non-privileged user (I hope you aren't logging in to your Linux system as root!), then we will go over the dæmons and how they work, then we will cover some fine points of ``non-user'' or system-scheduled jobs, and finally some of the little ``gotchas'' that sometimes cause commands to behave differently than you expect when you run them through a scheduler.
Using at

The at command is used to schedule one or more programs for a single execution at some later time. There are actually four client commands:

1.

at: Runs commands at specified time
2.

atq: Lists pending commands
3.

atrm: Cancels pending jobs
4.

batch: Runs commands when system load permits

The Linux at command accepts a number of time specifications, considerably extending the POSIX.2 standard. These include:

HH:MM

Run at this hour and minute. If this is already passed, the next day is assumed. A 24-hour time is assumed, unless you suffix the time with ``am'' or ``pm''.

now noon midnight teatime

You read that right. You can type ``at teatime'', and Linux's at is civilized enough to know that this is 4 p.m. local time. The ``noon'' and ``midnight'' keywords have their normal meaning. The ``now'' keyword means what it says. It might seem like a dumb thing to have, since if you wanted to run something now, you would type it without the at command, but it has an application in ``relative time'' invocations. We'll see those after the date modifiers described below.

Date Modifiers

These time specifications may be optionally followed by a date specification. Date specifications come in a number of forms, including:

today tomorrow

These mean what you would expect. ``at teatime tomorrow'' will run the commands at 4 p.m. the following day. Note that if you specify a time already passed (as in ``at noon today'' when it is 3 p.m.), the job will be run at once. You do not get an error. At first you might think this a bad thing, but look at it this way. What if the system had been down since 10 a.m. and was only being restarted now at 3 p.m.? Would you want a critical job skipped, or would you want it to run as soon as possible? The at system takes the conservative view and assumes you will want the job run.

[]

where month_name is ``jan'' or ``feb'', etc., and day is a day number. The year is optional, and should be a four-digit year, of course.

MM/DD/YYYY YYYY-MM-DD

Don't listen to what the ``man at'' page tells you! At least in Red Hat 6.1, it is wrong! I suspect it is wrong in certain other releases as well, and I'm willing to bet this is because the documentation has not caught up with Y2K fixes to this subsystem. The at shipped with Red Hat 6.1 handles dates in the two formats above. It appears to handle 2-digit years correctly, turning values less than 50 into 20xx and those greater than 50 into 19xx. I did not test to find the exact pivot point, and I do not recommend that you bother to, either. If you use two-digit years at this point, be prepared to pay a price! Depending on your version of at to treat two-digit years a certain way is foolish. Use four-digit years. Haven't we learned our lesson? (If you worked with computers from 1995 to 1999, you felt the pain as work came to an almost complete halt while we pored over every system with microscopes, looking for date flaws in the designs of our systems. Don't make a Y2.1K problem! PLEASE!!!)

Relative Time

Another way you can modify a time specification is to apply a relative time to it. The format of a relative time specification is + , where ``count'' is simply a number and ``time units'' is one of ``minutes'', ``hours'', ``days'' or ``weeks''.

So, you can say:

at 7pm + 2 weeks

and the programs will be scheduled for two weeks from today at 7 p.m. local time.

One of the most common forms is this:

at now + x units

to specify a program or programs to be run so many units from now. Something I often use this for is in shutting down my home machine's dial-up connection from work. I dial in before I leave for work, and then I kill it before my wife gets home (I'm too cheap to buy a second line). I use ssh to log in from work, and I like to close all my windows cleanly, so I frequently do something like this:

# ps fax | grep wvdial
599 ? S 0:00 \_ wvdial
875 pts/2 S 0:00 \_ grep wvdial
# at now + 10 minutes
at> kill 599
at>
warning: commands will be executed using /bin/sh
job 9 at 2000-04-17 16:30
# exit
$ exit

I then have ten minutes to disconnect cleanly from my home system before my phone connection gets dropped.

Runtime Environment

Note that the plain old Bourne shell is used for all commands run by at. (Also note: I had to type ctrl-d, the *nix EOF character to close the interactive at session. More on this in the section on the at command line. This is just one factor affecting the behavior of at scheduled commands. Here are some other facts to bear in mind. The present working directory, environment variables (with three exceptions, see below), the current userid and the umask that were in effect when the at command was issued are retained and will be used when the commands are executed. The three environment variable exceptions are TERM, DISPLAY and ``_'' (which usually contains the last command executed in the shell). The output of the commands is mailed to the user who issued the at command. If the at command is issued in an su shell (meaning, if you ``became'' another user), the output mail will be sent to the login user, but the programs will run under the su user.
Permission

The ability to use at is controlled by two files: /etc/at.deny and /etc/at.allow.

The /etc/at.allow file is checked first. If it exists, only user names in this file are allowed to run at. If the /etc/at.allow file does not exist, then the /etc/at.deny file is checked. All user names not mentioned in that file may run at.

If neither file exists, only the superuser may run at.
Command Line

The at command runs either the commands passed on standard input (passed in through a pipe, or typed at the ``at>'' prompts as in the example above), or it runs the commands specified in the file named by the -f parameter.

The general form of the at command line is:

at [-V] [-q ] [-f ] [-mld]

where ``queue'' is a queue name. Queue names are letters, a-z or A-Z. See the section called ``Queues'' for more details.

``file'' is the name of a file containing commands to run.

``TIME'' is a time specification as discussed in detail above.

The remaining switches are -m (send mail to the user when the job is complete, even if no output was produced); -l (an alias for atq. See the atq section below); -d (an alias for atrm. See the atrm section below).
The atq Command

The atq command lists jobs queued by the current user (unless run as superuser, in which case pending jobs for all users are listed).

Here's a sample:

mars:20:~$ atq
5 2000-06-20 15:00 a
6 2000-07-04 15:00 a
10 2000-04-24 14:33 f
mars:21:~$

The first column is the job number, followed by the scheduled run time, followed by the queue. In this case, two jobs are in queue ``a'' and one in queue ``f''. See the section on queues for more information.

You can use the -q switch to look at jobs only in a particular queue.
The atrm Command

The atrm command is used to delete jobs from the atq. For example, consider the queue in the atq example above. The following session illustrates the use of atrm:

mars:21:~$ atrm 6
mars:22:~$ atq
5 2000-06-20 15:00 a
10 2000-04-24 14:33 f
mars:23:~$

You may list any number of job numbers on the command line.
The batch command

The batch command is a variation of at that, rather than scheduling a job for a time in the future, submits a job now, but that job will not start until the system's load average falls below 0.8. What is load average? The simplest way to think of it is the number of processes that are waiting to run. Most of the time, programs are idle, waiting for hardware or for input, or waiting for the kernel to complete a request. When a program actually has something to do, it is in a runnable state. If the system is not busy, the kernel generally gives control to such a program right away. When some other program is in the middle of running, the program that has just become runnable must wait. The instantaneous system load is the number of runnable processes that are not running. The load average is an average of this instantaneous load over a short period of time. Thus, a system that is below 1.0 load average has some idle time. A system that is at and hovers near 1.0 is fully busy, and at theoretical maximum capacity. A system that is over 1.0 has no idle time, and processes are waiting for a chance to run. Note that this does not necessarily mean the system becomes perceptibly slower to users, but it does mean the maximum capacity of the system has been reached and programs are running slower than they might on a less busy system.

The batch command schedules a job for ``right now'', but will delay the start of the job until there is idle time (load average less than 0.8) on the system. Note that this test is for starting the job. Once it is started, it will run to completion, no matter how busy the system becomes during the run.
Queues

Note that this section is quite Linux-specific. Other UNIX operating systems I have used have queues, but they are different from those documented here. Always consult local documentation. AIX doesn't work this way, for example.

Queues are a way of grouping jobs together in separate lists. They are named from a-z and A-Z. The at command by default puts jobs on queue ``a'', whereas the batch puts jobs on queue ``b'' by default.

Queue names with ``greater'' values run at higher ``niceness''. Nice values are a way that Linux (and other UNIX systems) set job priorities. The default nice level of a job is ``0'', which means ``normal''. Jobs can have nice values from -20 (highest possible priority) to +19 (lowest possible priority). Only the superuser can give jobs a negative nice value. We won't say anymore about nice here, as a discussion of the kernel scheduler is well beyond our scope. Just know that jobs in the ``z'' queue run at a lower priority (and thus slower and with less impact on other running jobs) than do jobs in the ``a'' queue.

Jobs that are running will be in the ``='' queue, which is reserved for running jobs.

Queue names are case sensitive! Rembember, there are a-z queues and A-Z queues. The A-Z queues are special. If you use at to put a job on a queue with a capital letter, then the job is treated as if it were submitted to the batch command at the run time instead of the at command.

In other words, putting a job on an uppercase queue is like combining at and batch. When the job runs, it runs immediately if the load average is below 0.8, otherwise it waits until the load average falls below that point. In no case will the job start before its scheduled time.

Phew! All of that and we still haven't looked at the dæmon that takes care of all this! I hope you are beginning to see that ``at'', while not a complete batch processing system, certainly provides a great deal of capability.
How They Work

The at and batch commands put jobs into the at queue. What is the at queue? Well, there is a directory, /var/spool/at, which is accessible only to the dæmon user and the superuser (everything is available to the superuser). For each job, there is a file in the directory. The file is a shell script that sets up the environment and umask, cd's to the working directory and then runs the programs specified to at/batch in succession.

The commands go into the shell script exactly as they were typed/piped to at. Each is run in turn. If you used &, && or ; to background jobs, or make jobs dependent on one another, these will be observed.

Important note! The shell /bin/sh is used to run these jobs. If you normally use some other shell, such as tcsh, be aware that you can't use the semantics of that shell because /bin/sh will be used instead.
The atd Dæmon

At this point, documenting the dæmon is rather anticlimactic. The atd dæmon examines the /var/spool/at directory. The names of the files actually encode their runtimes, queues and batch vs. at status. These files are shell scripts that set up the environment and run the job as described above. Output from the jobs is temporarily stored in /var/spool/at/spool until the jobs are completed, upon which the output is mailed to the invoking user.
At Summary

at is less widely known than cron, but is in many ways the more powerful tool.
Using crontab

Potentially every user on the system has a crontab, which is a portmanteau word made from CRON TABle. The command to create, examine and modify crontabs is called crontab.

There are four ways to invoke crontab.

crontab
crontab -l
crontab -r
crontab -e

Generally, crontab works on your own crontab. All four forms accept the -u option followed by a user name. In most cases, you will be able to view and edit other users' crontabs only if you are the superuser. You might want to check your system security if you are able to edit another user's crontabs. You probably have some problems!

The first form stores the named file as the crontab, replacing any current crontab. The second form dumps the current crontab to stdout. The third form removes the current crontab. The fourth form opens the current crontab in the editor specified by the VISUAL or EDITOR environment variable.

If you want to experiment with your crontab, it's a good idea to do a

crontab -l working-crontab

to save your current crontab if any, then use

crontab -e

to modify your crontab in your favorite editor. you can always use

crontab -r working-crontab

to put everything back the way it was.

At this point, you may be wondering what a crontab looks like and what it does.
Basic crontab Format

A crontab is a list of program command lines along with a specification of when to run that command line. It is a whitespace-delimited file with a newline between commands. Blank lines and lines beginning with a pound character (#) are ignored.

The fields are:

minute hour day of month month day of week command

Any of the time fields may be an asterisk (*), which means ``every''. Thus, an entry of:

* * * * * fetchmail

Will run fetchmail once a minute, every minute of every hour, every day.

Ranges of numbers are allowed. So:

* 8-17 * * 1-5 fetchmail

will run fetchmail once a minute, between 8 a.m. and 5 p.m., Monday through Friday (0 or 7 represents Sunday).

Lists are allowed. Thus:

0,20,40 * * * 1-5 fetchmail

will run fetchmail at the hour, at 20 past, and again at 40 past the hour every hour of the day, Monday through Friday.

Step values are allowed after asterisks and ranges. They are of the form /. So,

*/5 8-17/2 * * * cp /var/log/* /log/backup

will run that cp command (just in case you had started thinking you could run only fetchmail) every five minutes in the 8 a.m., 10 a.m., noon, 2 p.m. and 4 p.m. hours of every day.

Finally, names may be used for months (jan-dec, case insensitive) and days of the week (sun-sat, case insensitive). The Red Hat man pages claim that you can't use names in ranges, but I gave it a try myself and it appeared to work correctly.
Runtime Environment--Advanced crontab Format

This is the area that confuses users of cron the most. They specify commands they run every day from their interactive shells, and then they put them in their crontab and they don't work or they behave differently than they expected.

For example, if you write a program called ``fardels'' and put it in &HOME/bin, then add $HOME/bin to your PATH, cron might send you mail like this:

/bin/sh: fardels: command not found

The PATH cron uses is not necessarily the same as the one your interactive shell uses.

It is necessary to understand that the environment in which cron jobs run is not the environment in which they operate every day.

First of all, none of their normal environment variables are initialized as they are in their login shells. The following environment variables are set up by the cron dæmon:

SHELL=/bin/sh
LOGNAME set from /etc/passwd entry for the crontab's UID.
HOME set from /etc/passwd entry for the crontab's UID.

We've been holding out on you. There's another kind of entry allowed in your crontab file. Lines of the form iname=value are allowed to set environment variables that will be set when jobs are run out of the crontab. You may set any environment variable except LOGNAME.

An important one to note is MAILTO. If MAILTO is undefined, the output of jobs will be mailed to the user who owns the crontab. If MAILTO is defined but empty, mailed output is suppressed. Otherwise, you may specify an e-mail address to which to send the output of cron jobs.

Finally, any percent sign in the command portion of a job entry is treated as a newline. Any data which follows the first percent sign is passed to the job as standard input, so you can use this to invoke an interactive program on a scheduled basis.
Permissions

The ability to have and use a crontab is controlled in a manner very similar to the at subsystem. Two files, /etc/cron.allow and /etc/cron.deny, determine who can use crontab. Just as in the case of at, the cron.allow is checked first. If it exists, only the users listed there may have cron jobs. If it does not exist, the cron.deny file is read. All users except those listed there may have cron jobs.

If neither file exists (and this is quite unlike ``at''), all users may have crontabs.
The cron Dæmon

There is hardly anything to document here. The cron dæmon (which is called either cron or crond) takes no arguments and does not respond to any signals in a special way. It examines the /var/spool/cron directory at start-up for files with names matching user names in /etc/passwd. These files are read into memory. Once per minute, cron wakes up and walks through its list of jobs, executing any that are scheduled for that minute.

Each minute, it also checks to see if the /var/spool/cron directory has changed since it was last read, and it rereads any modifications, thus updating the schedule automatically.
System crontab

I've led you through a merry dance so far. I've got you thinking that only users have crontabs, and that all scheduled jobs run as the crontab's owning user. That's almost true. Cron also has a way to specify crontabs at a ``system'' level. In addition to checking /var/spool/cron, the cron dæmon also looks for an /etc/crontab and an /etc/cron.d directory.

The /etc/crontab file and the files in /etc/cron.d are ``system crontabs''. These have a slightly different format from that discussed so far.

The key difference is the insertion of a field between the ``day of week'' field and the command field. This field is ``run as user'' field. Thus:

02 4 * * * root run-parts /etc/cron.daily

will run ``run-parts /etc/cron.daily'' as root at 2 minutes past 4 a.m. every single day.

how to compile programe on linux

2006-04-12T01:19:00.000-07:00

Installing programs

1 Installing RPMs.

The two of the most common methods of installing software are .rpm and .tar.gz (or .tgz, .bz2, .gz)of the two RPMs are the most popular. RPMs are precompiled, installation-ready packages. You might prefer those, if you are new to Linux as compiling from source is not always easy.
Read More

RPMS in KDE are handled by kpackage. Open it and move around a bit. kpackage is opened by default when you double click a RPM in the file manager. To download them in Netscape, hold the <shift>button and left-click the link (works for every other file, too). There is one obstacle, though: if you aren't root, you can't use kpackage to install or uninstall rpms. ( Although new versions seem to prompt you for the root password ) There are two ways to handle this, both involve opening a virtual terminal (click on the icon that looks like a monitor or hit <Ctrl>-t in the filemanager), this is something like the DOS-window known from some lesser OS's. Type 'su' to become root. Now you may fire up kpackage (type 'kpackage' at the prompt) or second install the rpms by hand.

Some options for installing by hand are: rpm -i [Package_name] : installs the program, rpm -U [Package_name] : upgrades an installed package with a new version, rpm -e [Package_name] : uninstalls, Adding the -vv option (e.g. rpm -ivv) turns on verbose mode (useful if encountering errors). RPM keeps a database about all installed programs, so you won't be able to accidentally erase important programs or files, which other programs rely on. Though be aware that you are doing your installs as root so rpms from obscure sites may be badly configured or even contain malicious content. A very common issue with rpm is failed dependencies, rpm checks if the package you are about to install has all the other packages installed that are required to run the program properly. Alas it only does these checks against its own database. So if you compiled and installed a prerequisite, rpm won't find that and will refuse to install. In this case you may either: Install the prerequisite again via a rpm-package or tell rpm to ignore dependencies (option --nodeps and the ultimate --force). Be careful with these options, though as you can easily break your OS...

one way to check rpms without kpackage or RPM is using the 'midnight commander' ('mc'), which runs on console or in a virtual terminal (e.g. kvt). mc allows you to browse a rpm just like a directory and have a look at all installation scripts (besides: it also makes a formidable file manager).

Install or upgrade? It is important to discriminate between these two. An example: You want to upgrade a library (that's a collection of program routines) because you want to install a program that needs that new version. But some of your programs depend on the old version. If you now upgrade with rpm -U these programs perhaps won't work anymore. You may now get all these programs in rpms that are compiled against the new version of this library. Or you just use the -i switch. Most libraries can coexist in different versions on one system.

Common resources are: ftp://ftp.redhat.com/ and (preferably) its worldwide mirrors. Mandrake-Linux is compatible to RedHat-Linux. Apart from the KDE-base rpm and system initialization stuff you may use original RedHat packages. For Mandrake specific updates check Mandrake's FTP server and its mirrors via Mandrake's main site at http://www.linux-mandrake.com

http://rpmfind.net/ The RPM repository at RpmFind contains some 10.000 rpm-packages. They offer a tool 'rpmfind' which eases the process of finding and downloading specific rpms.

Recommended reading: man rpm, rpm --help | more, RPM HOWTO, Software Building HOWTO

2 Installing from source

So-called 'tarballs' are packages with the ending tar.gz, .tgz, .bz2 or .gz. These mostly contain programs in source-code that you have to compile yourself. They contain files like README, INSTALL etc. Read them and follow the instructions.
The basic commands needed to compile most programs are. /configure, make, make install. It all depends on the programmer that wrote them if they compile straight away or if you have to fiddle with path-or makefile settings or have to install other programs first (Check the Software Building HOWTO for that).

If you don't want to do that, check the rpm-repository at http://rpmfind.net/ first, if they have an rpm of that program you won't need to do it yourself. It may be a good idea to keep large downloaded packages somewhere in case you need them again (I use cdrs as they are so cheap).

Why someone wants to compile from source anyway if it can be such a tedious task?, you may ask. Some reasons are: you may customize program features and install paths self compiled programs usually are even more stable and faster than precompiled ones because they are more suited to your system settings, upgrading is easier: you just simply apply a patch and recompile. With rpms you have to download the whole program again. Source code is more up-to-date. Programs are written in source code. To make a rpm of them, you first have to compile them, write the installation scripts and (hopefully) test them. So if this program has a flaw or is missing a feature you want badly you can do nothing but issue a bug-report or a feature request and hope for the next version. If you have the source chances are the author will write a fix/patch, which you can apply soon.

The following is a quick walkthrough to compile a program

Compiling software from source:

We will be using the Ed editor as an example the latest download can be found at http://freshmeat.net/projects/ed/?topic_id=63

Download the source files to your hard drive.
Change to the directory that you downloaded to.
The file is called ed-0.2.tar.gz this is the latest as of this writing.
Extract the file using ark right click the file and choose archiving tool.
In the new window that opens choose Action | extract.
Choose the location to extract to and make sure the all button is checked press ok.
In a few seconds this will be completed.
As an alternative you can open a console and type 'gunzip ed-0.2.tar.gz' and then type 'tar xvf ed-0.2.tar'.
The switches for tar mean x=extract v=verbose this lets you see what it is doing and f=file.
Open the file manager and navigate to the location containing the source files.
Press Ctrl + t this will open a console in the current directory.
For the remainder of this I will assume you are working as root.
In the console type './configure' when completed check for any errors.
If there are no errors you will want to type 'make'.
Again check that there are no errors and then type 'make install'.
I highly recomend reading the man page for ed before running it while ed is easy to compile it is not easy to run.
There you have it 90% of all files are compiled this way
./configure
make
make install

Common resources are: ftp://metalab.unc.edu/pub/Linux/, ftp://tsx-11.mit.edu/pub/linux/ . These are mirrored at many university FTP servers.

3 Other installation methods.

Debian users can check out Havoc Pennington's Debian tutorial 's chapter 16 on dpkg and apt

Debian users should also check out the Debian User's guide located at
http://www.debian.org/doc/manuals/users-guide/users-guide.en.txt

Slackware users can take a look at the Linux newbies guide to Slackware packages

Hi Friends

2006-04-11T08:15:00.000-07:00

Hi Friends i am very happy to see that there are lots of users geting use of this site but if u have any troubles then please with coment put ur email ids or directly mail to unilinux@gmail.com so i can help u directly thx for ur support once again

DHCP hows to

2006-04-10T21:16:00.000-07:00

Normally if you have a cable modem or DSL, you get your home PC's IP address dynamically assigned from your service provider. If you install a home cable/DSL router between your modem and home network, your PC will most likely get its IP address at boot time from the home router instead. You can choose to disable the DHCP server feature on your home router and set up a Linux box as the DHCP server.
Read More

This chapter covers only the configuration of a DHCP server that provides IP addresses. The configuration of a Linux DHCP client that gets its IP address from a DHCP server is covered in Chapter 3 on Linux Networking.

Download and Install the DHCP Package

Most RedHat and Fedora Linux software products are available in the RPM format. Downloading and installing RPMs aren't hard. If you need a refresher, Chapter 6, the RPM chapter, covers how to do this in detail.

When searching for the file, remember that the DHCP server RPM's filename usually starts with the word dhcp followed by a version number like this: dhcp-3.0.1rc14-1.i386.rpm.

The /etc/dhcpd.conf File

When DHCP starts, it reads the file /etc/dhcpd.conf. It uses the commands here to configure your network. The standard DHCP RPM package doesn't automatically install a /etc/dhcpd.conf file, but you can find a sample copy of dhcpd.conf in the following directory which you can always use as a guide.

/usr/share/doc/dhcp-/dhcpd.conf.sample

You have to copy the sample dhcpd.conf file to the /etc directory and then you'll have to edit it. Here is the command to do the copying for the version 3.0p11 RPM file:

[root@bigboy tmp]# cp /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample
/etc/dhcpd.conf

Here is a quick explanation of the dhcpd.conf file: Most importantly, there must be a subnet section for each interface on your Linux box.

ddns-update-style interim

ignore client-updates

subnet 192.168.1.0 netmask 255.255.255.0 {

# The range of IP addresses the server

# will issue to DHCP enabled PC clients

# booting up on the network

range 192.168.1.201 192.168.1.220;

# Set the amount of time in seconds that

# a client may keep the IP address

default-lease-time 86400;
max-lease-time 86400;

# Set the default gateway to be used by

# the PC clients

option routers 192.168.1.1;

# Don't forward DHCP requests from this

# NIC interface to any other NIC

# interfaces

option ip-forwarding off;

# Set the broadcast address and subnet mask

# to be used by the DHCP clients

option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;

# Set the DNS server to be used by the

# DHCP clients

option domain-name-servers 192.168.1.100;

# Set the NTP server to be used by the

# DHCP clients

option nntp-server 192.168.1.100;

# If you specify a WINS server for your Windows clients,

# you need to include the following option in the dhcpd.conf file:

option netbios-name-servers 192.168.1.100;

# You can also assign specific IP addresses based on the clients'

# ethernet MAC address as follows (Host's name is "laser-printer":

host laser-printer {

hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.222;

}

}

#

# List an unused interface here

#
subnet 192.168.2.0 netmask 255.255.255.0 {
}

There are many more options statements you can use to configure DHCP. These include telling the DHCP clients where to go for services such as finger and IRC. Check the dhcp-options man page after you do your install:

[root@bigboy tmp]# man dhcp-options

Note: The host statement seen in the sample dhcpd.conf file can be very useful. Some devices such as network printers default to getting their IP addresses using DHCP, but users need to access them by a fixed IP address to print their documents. This statement can be used to always provide specific IP address to DHCP queries from a predefined a NIC MAC address. This can help to reduce systems administration overhead.

How to Get DHCP Started

To get DHCP started:

1. Some older Fedora/RedHat versions of the DHCP server will fail unless there is an existing dhcpd.leases file. Use the command touch /var/lib/dhcp/dhcpd.leases to create the file if it does not exist.

[root@bigboy tmp]# touch /var/lib/dhcp/dhcpd.leases

2. Use the chkconfig command to get DHCP configured to start at boot:

[root@bigboy tmp]# chkconfig dhcpd on

3. Use the service command to instruct the /etc/init.d/dhcpd script to start/stop/restart DHCP after booting

[root@bigboy tmp]# service dhcpd start

[root@bigboy tmp]# service dhcpd stop

[root@bigboy tmp]# service dhcpd restart

4. Remember to restart the DHCP process every time you make a change to the conf file for the changes to take effect on the running process. You also can test whether the DHCP process is running with the following command; you should get a response of plain old process ID numbers:

[root@bigboy tmp]# pgrep dhcpd

5. Finally, always remember to set your PC to get its IP address via DHCP.

DHCP Servers with Multiple NICs

When a DHCP configured PC boots, it requests its IP address from the DHCP server. It does this by sending a standardized DHCP broadcast request packet to the DHCP server with a source IP address of 255.255.255.255.

If your DHCP server has more than one interface, you have to add a route for this 255.255.255.255 address so that it knows the interface on which to send the reply; if not, it sends it to the default gateway. (In both of the next two examples, we assume that DHCP requests will be coming in on interface eth0).

Note: More information on adding Linux routes and routing may be found in Chapter 3 on Linux Networking.

Note: You can't run your DHCP sever on multiple interfaces because you can only have one route to network 255.255.255.255. If you try to do it, you'll discover that DHCP serving working on only one interface.

Temporary Solution

You can temporarily add a route to 255.255.255.255 using the route add command as seen below.

[root@bigboy tmp]# route add -host 255.255.255.255 dev eth0

If you want this routing state to be maintained after a reboot, then use the permanent solution that's discussed next.

Permanent Solution

The new Fedora Linux method of adding static routes doesn't seem to support sending traffic out an interface that's not destined for a specific gateway IP address. The DHCP packet destined for address 255.255.255.255 isn't intended to be relayed to a gateway, but it should be sent using the MAC address of the DHCP client in the Ethernet frame.

You have one of two choices. Add the route add command to your /etc/rc.local script, or add an entry like this to your /etc/sysconfig/static-routes file.

#

# File /etc/sysconfig/static-routes

#

eth0 host 255.255.255.255

Note: The /etc/sysconfig/static-routes file is a deprecated feature and Fedora support for it will eventually be removed.

Now that you have configured your server, it's time to take a look at the DHCP clients.

Configuring Linux Clients to Use DHCP

A Linux NIC interface can be configured to obtain its IP address using DHCP with the examples outlined in Chapter 3. Please refer to this chapter if you need a quick refresher on how to configure a Linux DHCP client.

Configuring Windows Clients to Use DHCP

Fortunately Windows defaults to using DHCP for all its NIC cards so you don't have to worry about doing any reconfiguration.

Simple DHCP Troubleshooting

The most common problems with DHCP usually aren't related to the server; after the server is configured correctly there is no need to change any settings and it therefore runs reliably. The problems usually occur at the DHCP client's end for a variety of reasons. The following sections present simple troubleshooting steps that you can go through to ensure that DHCP is working correctly on your network.

DHCP Clients Obtaining 169.254.0.0 Addresses

Whenever Microsoft DHCP clients are unable to contact their DHCP server they default to selecting their own IP address from the 169.254.0.0 network until the DHCP server becomes available again. This is frequently referred to as Automatic Private IP Addressing (APIPA). Here are some steps you can go through to resolve the problem:

o Ensure that your DHCP server is configured correctly and use the pgrep command discussed earlier to make sure the DHCP process is running. Pay special attention to your 255.255.255.255 route, especially if your DHCP server has multiple interfaces.

o Give your DHCP client a static IP address from the same range that the DHCP server is supposed to provide. See whether you can ping the DHCP server. If you cannot, double-check your cabling and your NIC cards.

Conclusion

In most home-based networks, a DHCP server isn't necessary because the DSL router / firewall usually has DHCP capabilities, but it is an interesting project to try. Just remember to make sure that the range of IP addresses issued by all DHCP servers on a network doesn't overlap because it could possibly cause unexpected errors. You might want to disable the router/firewall's DHCP server capabilities to experiment with your new Linux server.

A DHCP server may be invaluable in an office environment where the time and cost of getting a network engineer to get the work done may make it simpler for Linux systems administrators to do it by themselves.

Creating a Linux DHCP server is straightforward and touches all the major themes in the previous chapters. Now it's time to try something harder, but before we do, we'll do a quick refresher on how to create the Linux users who'll be using many of the applications outlined in the rest of the book.

Breaking/RESETTING grub password

2006-04-10T21:13:00.000-07:00

Breaking/RESETTING grub password

This guide illustrates three methods to break the grub password
===================================================
METHOD 1
===================================================
HOW TO RESET UR ROOT PASSWORD IF U FORGET IT

While Booting ( Redhat ) just press "e" in GRUB
u will find 3 lines of code..
Goto to the 2nd line press "e"again and type "1" in the end
then press ENTER..
Then press "b" and it will boot you into your shell..
Just type "passwd" and change your ROOT password...
don't need to know the old one..
===================================================
METHOD 2
===================================================
"I, uh, forgot the root password"

Let's look at recovering the root password from the boot loader. If you're using GRUB, then, as GRUB loads up, highlight the Red Hat Linux entry on the GRUB menu and then press [E] to edit the boot configuration. Locate the following line, something that looks like this:

kernel /boot/vmlinuz-2.4.20-0.70 root=LABEL=/hdc=ide-scsi

Type the number '1' at the end. Doing so boots the PC into run level 1-single user mode, where you're automatically logged in as root. This done, type 'passwd' at the prompt. You can enter a new password here.
===================================================
METHOD 3
===================================================
Question.
I am doing a project on Linux platform. Someone has added the GRUB password to the computer on which I am working and has also changed the root password. I can crack the root password, if there is no Grub password, from the initial screen (i.e. from the init 1); but with the GRUB password. While reading LinuxForYou, I saw your section and thought you may be able to help.

Answer.
To break the GRUB start-up password, follow the steps given below:

1. Boot the system with the first Linux CD. At the boot prompt, type linux rescue to switch to rescue mode. In rescue mode you will be asked if similar steps should be followed, which need to be followed in the installation. Once you get the # prompt, type the following command:

# chmod /mnt/sysImage

2. Edit the grub.conf file and remove the passwd line from the file. Save the file and exit.

3. Once your machine reboots, you will be able to start your Linux OS in the usual manner

IPv6 Deployment in Linux

2006-04-09T08:49:00.000-07:00

IPv6 deployment
Please note: An updated version of this document that has slightly better formatting and a TOC can be found in the LQ Wiki.

IPv6 deployment and upgrade strategies - introduction

This article is intended as a guide to assist new entrants into the IPv6 world. We will show three successively more complex examples of migration strategies from IPv4 to IPv6. The examples utilize Linux-based routers, firewalls, and proxy servers, although the attached workstations are assumed to be Windows-based machines. These examples will help the user understand the deployment of (or migration to) an IPv6 network.
Read More

Internet Protocol Version 6 (IPv6), also referred to as Internet Protocol Next Generation (IPng), is the latest major network layer protocol. It is an extension to Internet Protocol Version 4 (IPv4), which is the current Internet standard. IPv6 was originally developed to handle a number of issues that were either considered weaknesses or limitations of IPv4. Most notably and obviously, IPv6 has an address space of 128 bits (versus 32 bits in IPv4), which allows a much larger number of machines to be connected to any network. In addition, IPv6 improves router performance through the use of more succinct network datagram headers, multicast membership maintenance, reduced network broadcasts, and delegation of packet fragmentation. These techniques provide more efficient network architecture from which to deploy next generation Internet technologies.

Although IPv6 contains a number of improvements over IPv4, there are also a number of challenges that face implementers and administrators wishing to deploy this advanced architecture. First of all, the fact that the technology is new and not widely used represents a major challenge to implementers. However, many of the challenges are superficial because the underlying system design has not changed radically. Thus many of the changes from IPv4 to IPv6 are superficial. For instance, IPv6 no longer uses "private addresses" [RFC1918] but instead uses two types of network addresses called "site-local" and "link-local" addresses. The Address Resolution Protocol and the Router Discovery Protocol have been replaced with the Neighbor Discovery Protocol. DHCP (Dynamic Host Configuration Protocol) is no longer necessary in IPv6 since hosts can negotiate their addresses on startup. The only major change is that Network Address Translation (employed in routers and firewalls when acting as a surrogate source in network communications) is no longer implemented in IPv6 (nor is it necessary since there are enough IP addresses for every device).

IPv6 and IPv4 headers compared

Although we like to think of the Internet as a new technology, the actual design of the Internet infrastructure began in the late 1960's with contracts from the United States Department of Defense. By 1981, RFC 791 standardized IPv4, which is the key technology for building an "internet" of networks. In the past 22 years, we have seen quite a few changes to the Internet's infrastructure. To understand some of the issues with IPv4, let us take a look at its header layout.

http://dons.usfca.edu/buckwalt/ipv6/image002.jpg

Figure 1-1 IPv6, IPv4 Side by Side Comparison

In Figure 1-1, we can compare the IPv4 and IPv6 headers. In IPv4, the Version field (A) has a value indicating that this datagram is of type IPv4. The Header Length Field (B) indicates the length of the IPv4 header, (since the options field (N) is optional or can contain up to 40 bytes of data). The next field (C) represents what is generally considered to be 'Type of Service' and is a way to specify the priority of a packet. The Total Length of the packet is stored in field (D) and represents the size of the packet header + payload.

Fields E, F, G and H are used in fragmentation calculations. The Identification Header (E) is used to determine which group of fragmented packets a datagram belongs to. The 'Don't Fragment' Flag (F) (which follows an unused bit) is used to specify that this datagram should not be fragmented. The 'More Fragments' flag (G) specifies that fragment reassembly at the receiver must wait until the rest of the fragments are received. The last fragmentation field (H) specifies where the fragment fits within the original datagram.

The 'Time to Live' byte (I) specifies how long a packet can travel along a route until it is dropped (and an alert sent back to the originating host). The 'Time to Live' is now measured in hops. The 'Protocol' byte (J) tells the recipient about the type of protocol in its payload (typically TCP, UDP, etc). The header checksum (K) tells the recipient if there were any transmission errors in the header. And finally, the standard packet header ends with the Source (L) and Destination (M) addresses of the packet. If it exists, the options header (N) follows the standard packet header, and may be up to 40 bytes in length.

If reading the description of the headers is confusing, imagine how much computation must be done by the routers managing the packets. Imagine having to wade through a possible 40 more bytes of optional headers (twice the length of the standard header described on this page). The IPv4 software has to do a considerable amount of processing as each packet is received, analyzed, possibly fragmented, and then retransmitted. With knowledge of the complexities of IPv4, the designers of IPv6 decided to simplify the headers of the IPv6 protocol to eliminate many of these problems.

First, they eliminated the "options" header. There is a set of optional headers in IPv6, but unless the router sees a special routing header as the very first optional header (comprising 18 bytes) it is ignored. Because the "options" header was eliminated, packets would always be the same size. This means that the IPv6 header does not need a Header Length Field. Next, a decision was made on the way IPv6 behaves about packet fragmentation.... and the decision is that routers just won't do it. The end hosts are responsible for determining the maximum transmission unit of the link between it and its partner and sending datagrams of that size or smaller... thus fragmentation is eliminated in the routing consideration (and packet re-assembly phases). Finally, since modern routers have build in error detection at the datalink layer, it became unnecessary to compute header checksums for IPv6 headers.

In this way, the IPv6 header starts to look like a "stripped down" version of the original IPv4 specification. The first field (A) represents the version of the protocol (IPv6). The next field (B) represents the "Traffic Class" (a fancy way of saying Type of Service). The field (C) is the "Flow Label" and is a shortcut for the router that means the router has to make routing decisions on this packet insomuch as it must do to this packet the same thing it does to every other packet with the same flow label. The Payload Length (D) is the length of the entire datagram minus the header. The Next Header (E) is used by router only under very special circumstances but generally tells the receiving station the protocol of the datagram's payload (i.e. TCP, UDP, etc). Next, we have the "Hop Limit" (F) which is analogous to "Time to Live" in IPv4 but represents a simple counter that can be decremented (instead of a time to be computed). Finally, the Source (G) and Destination (H) headers are each 16 bytes long.

The IPv6 headers are always 40 bytes long. IPv4 headers are a minimum of 20 bytes long but are quite often longer (up to a rare maximum of 60 bytes long). This represents on a normal network (1500 bytes MTU) of 2.6 percent of the overall traffic for IPv6 and an estimate of 1.3 to 3.9% of traffic on an IPv4 network for headers alone.

IPv6 and IPv4 addressing compared

For the networking professional, the most obvious change from IPv4 to IPv6 is the vast increase in address space. IPv6 addresses have a 128 bit address space, which yields approximately 2128 addresses (3.4 * 1038) Compare this with IPv4, where the address space is 32 bits, which yields approximately 232 addresses (4.3 billion or 4.3 * 109). This represents a significantly larger number of addresses! This helps because many studies conducted have estimated that we will run out of address space in the IPv4 Internet within the next few years [RFC 1744].

In IPv6, the _expression of an address as a "dotted-quad," or "dotted-decimal" has been replaced by a different representation. As you may recall, IPv4 addresses are typically represented as a sequence of four 8-bit values (bytes), each byte separated by a period. Thus, the following IPv4 address (in binary):

10111101001000001100111101100001

would be divided into four bytes:

10111101.00100000.11001111.01100001

which in turn would be translated into decimal equivalents as:

189.32.207.97

With IPv6 addresses, the notation is slightly different. Each address is broken into eight 2-byte pieces which are delimited by a colon. Thus, the following IPv6 address (in binary):

11111110 11000000 00000000 00000000 00000000 00000000 00000000 00000000 00000010 00100000 11101101 11111111 11111110 01101010 00001111 01110110

would be divided into eight 2-byte pieces (note that we insert extra spaces for readability, but they are not required in the notation):

1111111011000000: 0000000000000000: 0000000000000000: 0000000000000000: 0000001000100000: 1110110111111111: 1111111001101010: 0000111101110110

which in turn would be translated into hexadecimal equivalents as:

fec0:0000:0000:0000: 0220:edff:fe6a:0f76

With IPv6 addresses, some shorthand can be taken. For instance, leading "0"s within each 2-byte piece can be dropped:

fec0:0:0:0:220:edff:fe6a:f76

Also, a single series of "0"s can be dropped and replaced with two adjacent colons to signify that "0"s can be added to make the address fit into 128 bits:

fec0::220:edff:fe6a:f76

However, this reduction can only be used once in any address in order to not violate uniqueness. Imagine the trouble we would get into trying to represent the following addresses with more than one double colon:

8d:0:0:2d69:0:0:0:1234 can safely be represented as 8d:0:0:2d69::1234
8d:0:2d69:0:0:0:0:1234 can safely be represented as 8d:0:2d69::1234
8d:0:0:0:2d69:0:0:1234 can safely be represented as 8d::2d69:0:0:1234

This reduction can be used for the localhost interface in IPv6 (the equivalent of IPv4's 127.0.0.1). This localhost address is 0:0:0:0:0:0:0:1 or ::1. The reduction can also be applied to the default network (the equivalent of IPv4's 0.0.0.0) as simply ::.

Subnetting in IPv6 follows similar rules as in IPv4. The general idea is that a subnet mask can be applied to any address. Using this subnet mask, a router can determine which bits represent the network membership of an address and which bits represent the host's address. In the IPv4 world, the network address 192.168.1.4/24 (or alternative notation of subnet mask 255.255.255.0) means that the network address is represented by the first 24 bits of the address and that the host address is represented by the remaining 8 bits (32 bit address space minus 24 bit network address = 8 bits for host address). The notation 192.168.1.4/24 is usually referred to as a CIDR (Classless Interdomain Routing) address. We give an example of subnet masking in binary, which is easier to visualize:

The IPv4 address 192.168.1.4 would be represented in binary as:
11000000.10101000.00000001.00000100
The subnet mask 255.255.255.0 would be represented in binary as:
11111111.11111111.11111111.00000000
which shows that the first 24 bits of the subnet mask are "1". Then "bitwise AND" the 2 values together to get the network address:
11000000.10101000.00000001.000000000
which indicates that the network portion of the address is 192.168.1.0 (24 bits of network address, plus a trailing zero byte). Then subtract the network address from the original address to get the host's address:
00000000.00000000.00000000.00000100
which indicates that the host is 0.0.0.4, or, more simply, just 4.

In IPv6, the idea of subnet masks is similar, but the network addresses are much larger (explained later in this section). We illustrate with our previous IPv6 address example, assuming a network of /64 (meaning that the network address is the left-hand 64 bits of the total 128 bits). We will use hexadecimal arithmetic rather than binary arithmetic, because binary is just too cumbersome for IPv6 addresses.
The IPv6 address fec0::220:edff:fe6a:f76 would be expanded to:
fec0:0000:0000:0000:0220:edff:fe6a:0f76
The subnet mask for a /64 network would be:
ffff:ffff:ffff:ffff:0000:0000:0000:0000
Then "bitwise AND" the 2 values together to get the network address:
fec0:0000:0000:0000:0000:0000:0000:0000
(64 bits of network address, plus a 64 trailing zero bits). Then subtract the network address from the original address to get the host's address:
0000:0000:0000:0000: 0220:edff:fe6a:0f76

In IPv4, there is a traditional classification of network, based on the first octet (leftmost byte) of the address. However, this classification is no longer formally part of the IP addressing architecture, and has been replaced by CIDR (Classless Interdomain Routing). In summary:

Allocation 1st Octet
----------- --------
Class "A" 0 - 126
Reserved 127

Class "B" 128 - 191
Class "C" 192 - 223

Class "D" 224 - 239
Class "E" 240 - 254
Reserved 255

Or, by using the "First Octet" Rule:

Bit Pattern Class of Address
------------ ----------------
0 A
10 B
110 C
1110 D

1111 E

Figure 1.2 IPv4 Network Allocations

However, in IPv6 we have 2 octets of information with which to divide our networks (also see RFC 3513).

Allocation Prefix Fraction of
(binary) Address Space
------------------------------ -------- -------------
Reserved 0000 0000 1/256
Unassigned 0000 0001 1/256

Reserved for NSAP Allocation 0000 001 1/128
Reserved for IPX Allocation 0000 010 1/128

Unassigned 0000 011 1/128
Unassigned 0000 1 1/32
Unassigned 0001 1/16
Unassigned 001 1/8

Provider-Based Unicast Address 010 1/8

Unassigned 011 1/8

Reserved for Geographic-
Based Unicast Addresses 100 1/8

Unassigned 101 1/8
Unassigned 110 1/8
Unassigned 1110 1/16
Unassigned 1111 0 1/32
Unassigned 1111 10 1/64
Unassigned 1111 110 1/128

Unassigned 1111 1110 0 1/512

Link-Local Use Addresses 1111 1110 10 1/1024
Site-Local Use Addresses 1111 1110 11 1/1024

Multicast Addresses 1111 1111 1/256

Figure 1-3 IPv6 Network Allocations

For the scope of our paper, we are interested in four types of addresses. These are link-local addresses, site-local addresses, global unicast addresses (basically anything marked "unassigned" above) and multicast addresses. The term "global unicast address" supersedes the IPv4 term "IP address." We will not discuss anycast addresses which are used by routers specifically for failover, redundancy, and broadcast in IPv6. In IPv6, link-local and site-local addresses represent private address space just as reserved addresses represent them in IPv4, (RFC 1918):
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

In IPv6, any network address fe80::/10 is a "link-local" address. The concept of link-local means that machines are physically located in the same data link layer broadcast domain. This would include machines attached via hubs, bridges, and layer 2 switches as well as any machines directly connected. The addresses in network address fec0::/10 are "site-local" addresses and should not be routed outside of your locally-controlled infrastructure (because of the possibility of address collisions with addresses defined at other sites). All other legal addresses are considered to be "global unicast addresses" and are validly used on any node whether connected to the Internet or not. Global unicast addresses must be globally unique, of course.

As with IPv4, IPv6 addresses can be either statically or dynamically assigned. However, the definition of dynamically assigned has changed somewhat with IPv6. There are two dynamic address mechanisms in IPv6. The first (and primary) mechanism for dynamic IP address assignment is called "stateless autoconfiguration"; and uses the hardware address of the machine's interface to negotiate the IP address. For stateless autoconfiguration on a link-local network, an example is:

1. If the node (host or router) has a 48-bit MAC interface identifier of:
00:01:03:31:AA:DD
then the resulting 64-bit IPv6 interface ID will be:
0201:03ff:fe31:aadd
or, in shorthand notation:
201:3ff:fe31:aadd*
* Note: A 48-bit MAC address must be expanded to a 64-bit address for stateless autoconfiguration. To do so, the value fffe is inserted between the third and fourth bytes of the MAC address. Next, the second low-order bit of the first byte of the MAC address is complemented. In binary, our original MAC address looks like this, after expansion:

00000000: 00000001: 00000011: : 00110001: 10101010: 11011101
The binary string in italics represents the first byte. The "0" in boldface represents the second low order bit. More colloquially, we could call this the "next to last bit in the first byte". [Stateless Autoconfiguration: RFC 2462]

2. The node prepends this 64-bit interface identifier with the 64-bit link-local interface identifier fe80::0. This address becomes the "tentative address."

3. The node joins the "all-nodes" multicast group (ff02::1) and the solicited node multicast group (ff02:0:0:0:0:1:ffxx:xxxx, where xx:xxxx is the low-order 24 bits of the MAC address of the node's interface). (Multicast groups are explained later in this section.)

4. The node broadcasts a "neighbor solicitation" message to the "all-nodes" multicast group asking if the selected address is taken. If the address is taken, the node stops and manual configuration is required. Otherwise, the state of the address is set to "preferred."

5. The node then sends a "router solicitation request" to the "all routers" multicast group (ff02::2) to determine default routes.
The drawback with stateless autoconfiguration is that wherever this mechanism is employed, the size of the host portion of the IP address must be no smaller than 64 bits. This causes quite a few wasted unicast addresses in a typical network address architecture.

The second form of autoconfiguration occurs through the use of the dynamic host configuration protocol (DHCP) and is called "stateful autoconfiguration". DHCP can also be used in conjunction with stateful autoconfiguration to broadcast information other than IP addresses, such as DNS servers, network names, and proxy-servers. This mechanism can subnet a network into much smaller segments than stateless autoconfiguration (creating less wasted network address space) but requires additional management of the DHCP server and the addition of a DHCP client on all machines that require stateful autoconfiguration. Both stateless and stateful autoconfiguration protocols can be used for networks other than site-local through various control protocol mechanisms.

Finally, in IPv6, multicast addresses are used quite frequently for control of network hosts and services. There are two types of multicast addresses; well known and temporary. A diagram for multicast address bits looks like this:

http://dons.usfca.edu/buckwalt/ipv6/image004.gif

Figure 1-4 IPv6 Multicast Address Diagram

The second field, 000x, represents the flags field. The first 3 bits are reserved and must be set to "0". The last bit, x, represents the permanence of the address. 1 represents a temporary multicast address, while 0 represents a permanent (or termed "well-known") address.

The third field, yyyy, represents the "scope" field. The scope of the multicast address can be determined by looking at this table:

Value Description
----- -----------
0 Reserved
1 Interface-local (network interface card)
2 Link-local scope (same as link-local addr)
3,4 Unassigned
5 Site-Local scope (same as site-local addr)
6,7 Unassigned
8 Organizational scope
9,a,b,c,d Unassigned
e Global scope
f Reserved

Figure 1-5 IPv6 Multicast Scope Diagram

And finally, the group identifier is used to determine the subscriber (or function) of the multicast listening nodes. For instance, a multicast address of ff01::1 represents the "all nodes" multicast address of scope "interface local," while ff02::1 and ff05::1 represent the "all nodes" multicast address of link-local and site-local scope, respectively. The group identifier of the addresses is the same, only the scope address is different.

Some well-known group identifiers are:

Group Identifier Description
---------------- -----------
::1 All nodes
::2 All routers
::9 RIP routers
::1:3 DHCP servers

Figure 1-6 IPv6 Well-Known Multicast Group Identifiers

For more information on multicast addresses, please see RFC 2375.

IPv6 and IPv4 maintenance protocols compared

With IPv4, we were introduced to a number of maintenance protocols. These protocols gave us the ability to detect errors in our network, receive alerts when our endpoints became unreachable, and to detect the layout of our network.

In IPv4, the major protocol used for network maintenance is called ICMP (Internet Message Control Protocol) and is defined in RFC 792. The most important types are described below [Computer Networks 4th Ed, p. 449, ISBN 0130661023]:

Message Type Description
------------ ---------------
Destination Unreachable Datagram could not be delivered
Time Exceeded Time to Live reached 0
Parameter Problem Invalid Header Field
Echo Ping Request
Echo Reply Ping Reply

Figure 1-7 IPv4 Common ICMP Types

In IPv6, the common ICMP messages are retained, but there are a few additions:

Message Type Description
------------ ----------------
Destination Unreachable Datagram could not be delivered,
i.e. no route to destination
Packet Too Big Since fragmentation cannot be done,
MTU size was too large for some
link in transmission path.
Time Exceeded Hop Limit reached 0
Parameter Problem Invalid Header Field
Echo Ping Request
Echo Reply Ping Reply
Multicast Listener Query What multicast addresses are on a link?
Multicast Listener Report Node is joining a multicast group
Multicast Listener Done Node is resigning multicast group
Router Solicitation Node needs to know routes
Router Advertisement Router sends routing table
Neighbor Solicitation Node wants to build ARP table
Neighbor Advertisement Node responds to solicitation

Figure 1-8 IPv6 Common ICMP Types

Assuming a familiarity with IPv4, we will discuss only the new ICMP messages. The first (and probably most used) error message is the "Packet Too Big" message type. This can occur when a packet is transmitted along different links of differing MTU (Maximum Transmission Unit) sizes. When the datagram is initially constructed, the node will assume that its link MTU size is safe for transmission to all destination nodes. However, if a router along the path to the destination has a smaller link size, the packet will be discarded and a "Packet Too Big" ICMP message will be directed towards the source. The data payload of the ICMP message gives the MTU size of the link that caused the problem. The source node then has the responsibility of encapsulating the data into the proper size for the bottleneck link and then retransmitting. This mechanism may be repeated by other routers that may have increasingly smaller MTU sizes. This mechanism is called Path MTU Discovery and is defined in RFC 1981.

The next set of ICMP messages are informational in nature and are used to coordinate information between nodes and routers. The simplest information exchange mechanism is called Neighbor Solicitation and Advertisement. This pair of messages has two functions. The first is the resolution of link layer addresses (similar to ARP in IPv4) and the second is detecting when a neighbor is unreachable. When a node attempts to resolve a hardware level address, the destination for the Neighbor Solicitation message will be a multicast address. When a node attempts to determine the reachability of a neighbor, the destination is the unicast address of that neighbor. When Neighbor Solicitation messages are sent by hosts that are determining the reachability of their neighbors, Neighbor Advertisements will be sent as replies to the solicitations. Neighbor Advertisements are also sent unsolicited when a new node joins a link. In this way, the overhead of the ARP protocol is bypassed since hosts will have local address caches for all machines on their network.

The next pair of informational ICMP messages are the Router Solicitation and Advertisement types. Routers regularly send out Router Advertisements, which contain routing information to be used on their link. However, nodes can request routing information outside of this normal interval by sending a Router Solicitation to the Link-local All-routers multicast address (ff02::2). This mechanism ensures that routing tables for all nodes are consistent.

The final informational messages in our list are the multicast management messages. These messages comply with the Multicast Listener Discovery protocol as defined in RFC 2710, which is a descendant of the Internet Group Management Protocol used in IPv4. The idea is that routers are responsible for keeping track of multicast group membership in their subnets, based on information that they obtain from their nodes. Whenever a node joins a multicast group, it must send a "Multicast Listener Report" packet to its router. When it leaves a multicast group, it sends a "Multicast Listener Done" packet to its router. In turn, the affected router must subscribe/unsubscribe to the multicast group with its parent router, and so on. At certain intervals (and under certain circumstances), the router can send a "Multicast Listener Query" to determine which multicast groups exist on a specific link, or to determine which hosts subscribe to a particular multicast group. The answers to these requests are also "Multicast Listener Report" messages.

Why use IPv6 - conclusions

Simply put, IPv6 has significant improvements over IPv4. Using IPv6 extends the life of the Internet, whose address space is doomed to become saturated within a few years. It also simplifies router processing of the network datagrams because of its simplified header design. Finally, IPv6 offers "plug and play" network management because of its stateless autoconfiguration, router discovery, neighbor discovery, multicast discovery, and management protocols.

Implementing a simple SOHO network using IPv6

http://dons.usfca.edu/buckwalt/ipv6/image006.gif

Figure 2-1 SOHO Network Diagram

Infrastructure requirements and layout
In this section, we will describe the network layout, design, and example implementation for a small network used by a 5-person real estate office. The requirements for this office represent those of non-technology professionals, whose needs include:
**Access to the World Wide Web
**Access to email (provided by their ISP)
**File and print sharing
**A web presence, represented by a web server
**Modest budget for IT expenses

Although we could design this infrastructure using many market technologies, we will assume that the customer is agreeable to open-source network software (Linux, apache) for their infrastructure while retaining their local workstation machines on Windows XP (which supports IPv6).

Implementation strategy in IPv4
If we were to implement this environment using IPv4, we would most likely make the following recommendations:
# All traffic to and from our network will go through a proxy server with the "outside interface" controlling a public IPv4 address, labeled (A) in Figure 2.1, and the "inside interface" controlling a public IPv4 address (B).
# A proxy server makes sense for this environment because, most likely, the network link from the ISP is very slow and we want to maximize our available bandwidth. A web proxy allows us to do web filtering, block popup ads, and most importantly, cache the content so that expensive requests over our ISP link are reduced.
# To minimize cost, we could install the proxy server and web server on the same machine.
# Access outside of the network MUST go through the proxy server which is configured for HTTP/HTTPS and SOCKS connections.

Implementation strategy in IPv6
Not surprisingly, our implementation strategy in IPv6 is similar to the IPv4 solution described above. We built and tested a live implementation using a lab network. Details of the implementation are given below:

Obtain an IPv6 address from the customer's ISP
We simulated this step by using the IPv6 tunnel broker Hurricane Electric (http://www.he.net):

1. First, you must sign-up for an account by registering at their main page, http://www.he.net.

2. Once your account is approved, log in and request an IPv6 address by providing your public IPv4 address.

http://dons.usfca.edu/buckwalt/ipv6/image008.jpg

Figure 2-2 Registering for an IPv6 Tunnel

3. Once your tunnel is approved, you will be notified and given your tunnel information.

http://dons.usfca.edu/buckwalt/ipv6/image010.jpg

Figure 2-3 IPv6 Tunnel Information

4. And additionally, you will be given some examples of setting up a tunnel on a server machine:

http://dons.usfca.edu/buckwalt/ipv6/image012.jpg

Figure 2-4 IPv6 Configuration Settings

5. Your next step is to configure your server to use this globally accessible unicast address. This is described later in this section.

Enabling IPv6 on a Linux server
Ensure that your Linux server is capable of running IPv6. In short, check the following items:

1. If IPv6 is compiled as a module, ensure it can be loaded with
# modprobe IPv6
2. /proc/net/if_inet6 exists

3. Ensure your "nettools" package is IPv6-compatible:
# ifconfig lo - should contain the addr ::1
# route ?A inet6 ?rn - should not return an error
4. The "ip" package should be IPv6 compatible:
# ip -f inet6 addr - should list le0 with addr ::1
5. The following commands should reside on your machine:
** ping6
** traceroute6
** tracepath6
6. The proper startup script exists to start IPv6 at startup time.
Based on the information obtained from Hurricane Electric, my IPv6 startup script looks like this:

******/etc/rc.d/init.d
jspears@sparta:> cat IPv6-setup
#!/bin/bash
/sbin/ifconfig sit0 up
/sbin/ifconfig sit0 tunnel ::64.71.128.82
/sbin/ifconfig sit1 up
/sbin/ifconfig sit1 inet6 add 2001:470:1f00:ffff::759/127
/sbin/route -A inet6 add ::/0 dev sit1

7. Ensure that the IPv6 initialization script will be run at startup.

Installing an IPv6-compatible proxy server
For most open source network servers and applications, we can quite easily find either IPv6-enabled versions or patches to deploy on our new network. Since we are looking for a proxy server, we have a few choices. First, we can user the Squid proxy server (available at [http://www.squid-cache.org/ squid], but which requires an IPv6 patch) or we can install the prometeo proxy server (available at [http://sourceforge.net/projects/prometeo-proxy/ prometeo], which supports IPv6 natively). We chose to install prometeo because of its ease of installation and its simplicity. For flexibility, though, squid is probably a better choice.

To install prometeo:

1. Download the source from sourceforge (follow the download link from prometeo) onto your local machine.

2. Extract the source files from the tar ball with the following command:
$ tar xzf prometeo-1.2.tar.gz
This creates a directory called prometeo-1.2.

3. Enter the directory and configure the source:
$ cd prometeo-1.2
$ ./configure -enable-IPv6

4. Compile the source:
$ make

5. Install the compiled binaries as the "root" user:
$ su ?root ?c "make install"

6. Next, you need to edit the prometeo configuration file:
$ vi /usr/local/prometeo/etc/prometeo.xml
For the section ensure that:
1
By reading the documentation you can also create custom settings for the proxy, such as configuring SOCKS proxies, etc.

7. Create a system startup script:
#!/bin/bash
case "$1" in
start)
/usr/local/prometeo/sbin/prometeo
;;
stop)
/usr/local/prometeo/bin/prometeoctl stop
;;
esac
8. Ensure that this startup script is run at startup:
# ln ?s /etc/rc.d/rc3.d/S99prometeo
# ln ?s /etc/rc.d/rc3.d/K01prometeo

Install and configure an IPv6-compatible web server
In addition to version 2 of the Apache web server having significant improvements in performance and modular functionality, it also has native support for IPv6. Although we could choose to patch an earlier version of Apache, it is tedious and unnecessary for most cases. In our example, we will use the Apache web server (version 2) as our web infrastructure.

1. Download the Apache web server source code from apache.org (http://httpd.apache.org/download.cgi)

2. Extract the source files from the tar ball with the following command:
$ tar xzf httpd-2.0.45.tar.gz
This creates a directory called httpd-2.0.45.

3. Enter the directory and configure the source:
$ cd httpd-2.0.45
$ ./configure
4. Compile the source:
$ make
5. Install the compiled binaries as the "root" user:
$ su ?root ?c "make install"
6. Next, you need to edit the Apache configuration file:
$ vi /usr/local/apache2/conf/httpd.conf
Change the "Listen" directive to your IPv6-compatible web URL i.e.:
Listen [2001:470:1f00:ffff::759]:80
Also, apply any other appropriate Apache tuning for your environment, which is beyond the scope of this document.

7. By default, the Apache startup script works very well as a system startup script. It is only necessary to link to it for system startup:
# ln ?s /usr/local/apache2/bin/apachectl \ /etc/rc.d/rc3.d/S99apache
# ln ?s /usr/local/apache2/bin/apachectl \ /etc/rc.d/rc3.d/K01apache
8. Register your IPv6 address with DNS for your domain. The DNS entry for an IPv6-compatible site is:
my.server.hostname IN AAAA my.ip.address
An example is:
IPv6.jspears.org IN AAAA 2001:470:1f00:ffff::759
You can verify the changes to DNS with the nslookup command:
$ nslookup -type=AAAA IPv6.jspears.org
Server: sparta.jspears.org
Address: 192.168.1.6

IPv6.jspears.org AAAA IPv6 address = fec0::c0a8:106
jspears.org nameserver = dns0.jspears.org
jspears.org nameserver = dns1.jspears.org

Configuring an IPv6-compatible DNS server is covered in a later section of this document.

Install and configure workstation machines as IPv6-compatible machines
Make sure that the customer is using an IPv6-compatible operating system. As of this writing, the only Microsoft operating system that supports IPv6 is Windows XP Service Pack 1 and greater. For Apple Macintosh operating systems there are no published compatibility notes for IPv6. Linux and kernel versions 2.4 and greater have IPv6 support. Many BSD variants also have IPv6 support.

1. For this step, we assume that Windows XP SP1a is installed at the customer site and that IPv6 is not configured. To enable IPv6, perform the following sequence of actions:
** Log on as an administrator user
** Open the Control Panel
**Select the "Network Connections" Icon
** Right-click the icon which represents the network connection. Then select "Properties".
** In the "Properties" dialogue, click the "Install" button.
** In the new window, select the item labeled "Protocol" and then select "Microsoft IPv6 Developer Edition" in the protocol selection dialogue window.
** Reboot the machine.

2. Once the machine comes back online, we need to tell it to use the proxy server. Unfortunately, most of our software doesn't understand IPv6 notation, even if the applications do. This is especially problematic for mapping hostnames to IPv6 addresses. For Windows, we can make the following change to the workstation's operating system so that hostname resolution for our proxy server will work.
** With Notepad or another text editor, open the file:
c:\windows\system32\drivers\etc\hosts
** Add the following line:

Here is an example:

http://dons.usfca.edu/buckwalt/ipv6/image014.jpg
Figure 2-5 Example Hosts File
** Save the file
3. Now we can configure our browsers to use the new proxy server.

In Microsoft Internet Explorer Version 6:
** Open the Control Panel
** Select the "Internet Options" Icon.
** Select the tab labeled "Connections"
** Click the button labeled "LAN Settings"
** Input the IPv6 hostname (from above) and port number (from prometeo.xml) in the proxy dialogue and click "OK"
Here is an example:

http://dons.usfca.edu/buckwalt/ipv6/image016.jpg
Figure 2-6 Internet Explorer Proxy Dialogue

In Netscape Navigator Version 7:
** Open Netscape Navigator, select the menu item "Edit->Preferences"
** In the new dialogue box, select the tree branch labeled "Advanced->Proxies" and input the proxy settings:

http://dons.usfca.edu/buckwalt/ipv6/image018.jpg
Figure 2-7 Netscape Proxy Dialogue

If you use your web browser to travel to an IPv6-aware website, you should be able to get the correct content:

http://dons.usfca.edu/buckwalt/ipv6/image020.jpg
Figure 2-8 Web Browser Display Using IPv4

http://dons.usfca.edu/buckwalt/ipv6/image022.jpg
Figure 2-9 IPv6-Aware Web Browser Display

Implementing a small development network using IPv6

http://dons.usfca.edu/buckwalt/ipv6/image024.gif
Figure 3-1 Small Routable Network Diagram
Infrastructure requirements and layout
In this section, we will describe the network layout, design, and an example implementation for a network used by a small software consulting firm. The requirements for this office represent those of technology professionals, whose needs include:
** All requirements of a SOHO Office, as in the previous section
** The ability to directly connect to client networks and public internets
** The ability to keep information and technology resources safe behind a firewall

As in the SOHO case earlier, everything that we wish to accomplish with IPv6 can be done with "off the shelf" components, including Linux as the firewall/router.

Implementation strategy in IPv4
If we were deploying this architecture for an IPv4 environment, we would base it on our previous SOHO configuration, with a couple of notable exceptions:
** We would use public Internet addresses instead of private addressing assuming that we do not use Network Address Translation but still require access to miscellaneous resources on the Internet.
** We would configure a firewall to limit incoming connections to our network
** We would have to route traffic and therefore establish default routes.
** We may configure a DNS server to answer DNS requests locally for our growing network. However this is probably not necessary because our ISP likely provides DNS and mail service for us.
** The firewall?s outside interface (A) is a globally accessible Internet address. The firewall?s inside interface (B) is also a public IP address pool which must be routable. All hosts (D) on the network are on the same subnet as the firewall?s inside interface (B). All web traffic travels through the web proxy (C) to take advantage of filtering, virus scanning, and caching.

Implementation strategy in IPv6
In IPv6, as in the previous example, the implementation is simple and almost identical to the IPv4 deployment. The simplest configuration options would allow us to take advantage of stateless autoconfiguration on a publicly accessible network address space. To do this, we will need to obtain a 64 bit address block from our ISP. We will also need to configure a firewall to block incoming traffic. Our web-proxy is inside of the firewall. Later, we will configure our firewall/router to perform router advertisements through the Neighbor Advertisement and Solicitation mechanism described in Section 1.

Configuring the firewall in Linux
For a long time, Linux has been a favorite inexpensive firewall solution for small businesses and IT professionals. While the default Linux kernel still has a few bugs in its IPv6 stack (http://www.linux-IPv6.org/overview.html#overview) IPv6 bugs, we can still implement a suitable firewall for our minimalist purposes.

In our previous SOHO example, we used a configuration script to ensure that the proxy server would initialize the IPv6 interfaces for outbound communication. In this example, the firewall, rather than the proxy server, is the outward facing host and therefore needs the configuration of the IPv6 addresses defined previously. In addition, we will need a 64 bit address allocation block from our ISP for our internal address space (so we can do stateless autoconfiguration). In my firewall, I have 2 interfaces, eth0 which faces inward (or toward the "clean side" of the network) and eth3 (which faces the "dirty" side). The "clean side" will have an address from our 64 bit allocation block "hard-coded" to it while the "dirty side" will have the IPv6 address used originally by our proxy sit0 interface. (Also see the original SOHO example in Section 2.) The revised script will look like this:
#!/bin/bash
# the address on eth0 is an arbitrary address on our allocated netw.
/sbin/ifconfig eth0 inet6 add 2001:470:1f00:1040::192.168.1.6/64
/sbin/ifconfig sit0 up
/sbin/ifconfig sit0 tunnel ::64.71.128.82
/sbin/ifconfig sit1 up
/sbin/ifconfig sit1 inet6 add 2001:470:1f00:ffff::759/127
/sbin/route -A inet6 add ::/0 dev sit1

1. First make sure that your system is configured to serve as a firewall AND as an IPv6 host. For the firewall requirement, please see the document http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/pdf/Firewall-HOWTO.pdf Firewall-HOWTO. For the IPv6 host requirement, please refer to the requirements for our SOHO proxy server in the previous section.
2. Next, make sure the netfilter6 package has been installed on the firewall. This can be seen by issuing the following command, and observing the output:
# ******/usr/local/prometeo
root@sparta:> ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

This happens to be a very poor firewall configuration, but demonstrates that at least the firewall can be configured.

3. Next, we need to create our firewall rules. There are a number of ways to do this, but the best way is to use the "Firewall-HOWTO" guide to determine the proper firewall rules and then make copies of the rules replacing the iptables commands with '''ip6tables''' in a separate script. (It is VERY important that you firewall both the IPv4 AND IPv6 protocols on your firewall if you have IPv4 enabled as well. Otherwise, you could inadvertently leave something open on IPv4 that is closed on IPv6.)

Bandwidth Throttling using squid

2006-04-08T09:07:00.000-07:00

What is Bandwidth throttling :

Consider we are having 512Kbps Internet connection line. And the system administrator wants to divide the whole bandwidth into two sections. Read More

One for the normal users and the other for special users who need high speed internet connection. So that all the normal users can use 256 Kbps and the special users can use the remaining 256 Kbps. So in this case you have to make a bandwidth throttling to differentiate the whole single pipe line into two sections. This can be achieved using squid proxy server.

Squid main configuration file ----- /etc/squid/squid.conf
Squid log file ----- /var/log/squid/access.log
Cache log file ----- /var/log/squid/cache.log

Bandwidth throttling in squid is done using Delay Pools. Delay pools uses bucketing system.

Throttle Calculations
512Kbps(Kilo bits per second) -----> 64Kbytes -----> 64000bytes
256Kbps -----> 32Kbytes -----> 32000bytes
128Kbps -----> 16Kbytes -----> 16000bytes
64Kbps -----> 8Kbytes -----> 8000bytes

Points to remember in Delay Pools:
There are basically three things to note, they are - delay pools, delay class, delay parameters.

Delay pool --- Defines how many pools we want to use
Delay Class ---- Defines type of the pool you are going to use.
Delay Parameter ï¿½ allots the restrictions and fill rate/maximum bucket size.

As I have said previously in this documentation delay pools uses bucketing system.
Now there are three types of buckets

Class 1 pool: A single aggregate bucket, shared by all users
Class 2 pool: One aggregate bucket, 256 individual buckets
Class 3 pool: One aggregate bucket, 256 network buckets, 65,536 individual buckets

If you still have any problem in the above syntax (ie) aggregate, network and individual buckets to understand, then here is a simple syntax/example for all these

For Class 1 delay pool
delay_parameters 1 32000/32000

For Class 2 delay pool
delay_parameters 1 48000/48000 48000/48000

For Class 3 delay pool
delay_parameters 2 32000/32000 8000/8000 16384/16384

Example Setup:
One 512Kbps pipe line. We want to distribute the whole pipe line into 2. One for normal users and other for special users as follows
Normal users --- 128 Kbps
Special Users --- 384 Kbps

Configuration Setup File /etc/squid/squid.conf:
Before getting into the delay pools setup first create the acl(Access Control List). Through acl you can define rules according to your requirements. Find the Access Control section in the squid.conf file.
Here is an example:

acl superusers src 192.168.1.1 192.168.1.2 192.168.1.3
acl mynetwork src 192.168.1.0/255.255.255.0

Here in the above example only three users are special users who need 256Kbps bandwidth which are listed in the specialusers label and the whole network including he special users are labeled as mynetwork.

After creating the users you have to allow them to access the internet. Below line specifies for allowing the mentioned labeled users.

http_access allow superusers
http_access allow mynetwork

Now comes the funny part Delay Pools. Here We will deal with a basic example for delay pools.

The example is as follows: We are having 512Kbps pipe line connection. We want to divide it into segments one for the special users, web servers and the other for the normal users in the organization. The special users and the web servers are given 384Kbps speed and the remaining 128Kbps for the normal users.

Delay Pools for super users:
Check for the delay pools section in the squid.conf file.
Start the configuration for delay pools as follows
==================================
########## Delay Pools############
==================================

delay_pools 2

As described above we have to create 2 delay pools, one for each delay class.
====================================================
######### Defining Delay pool 1 in class 2 #########
====================================================

delay_class 1 2
delay_parameters 1 48000/48000 48000/48000
delay_access 1 allow superusers

The first line specifies Delay Class which defines delay pool 1 for the delay class 2.

Why we are using delay class 2 here?

The first part on the second line ie ï¿½1ï¿½ defines the pool One(1)

The second part on second line defines the aggregate 48000/48000(restore/max). where restore is the number of bytes (not bits - modem and network speeds are usually quoted in bits) per second placed into the bucket, and maximum is the maximum number of bytes which can be in the bucket at any time.

The third part on second line is individual buckets again 48000/48000(restore/max). All the special users and the web servers should obtain the same speed of 384 Kbps.

The third line allows the super users to fall in that bucket.

=====================================================
######### Defining Delay pool 2 in class 3 #########
=====================================================

Delay Pools for normal users:

delay_class 2 3
delay_parameters 2 32000/32000 8000/8000 16384/16384
delay_access 2 allow !superusers

The first line specifies Delay Class which defines delay pool 2 for the delay class 3.

The first part on the second line ie ï¿½2ï¿½ defines the pool Two(2) of class three(3)

The second part on second line defines the aggregate 32000/32000(restore/max) as aggregate (ie for whole).
Note : - If you use -1/-1. ï¿½-1ï¿½ indicates ï¿½unlimitedï¿½.

The third part on second line is network bucket. We have defined here 8000/8000 .

The fourth part on second line is for individual.

The third line specifies to throttle all the users except the super users.

How to check:
First set proxy settings in your browser as follows:
Go to any client machine and open an IE(Internet Explorer). Select "Tools" menu then select "Internet Options" then select "Connections" tab. After that select the "LAN Settings" button, you will get a new pop-up window there you select "Use proxy server for your LAN" check box and finally give your squid proxy servers ip address and the port on which the squid proxy server is configured. Now press "OK" and again press "OK". Cloase the window and now open a new window.
Second Check by downloading any large file

Start to download any lage file not less than 10MB size. Because when ever you download any small file it used to download it quickly. When you start downloading large file at first if you note some starting bytes of the file gets downloaded quickly and later it gets slowed down.

Keep a note on the download pop-up box which shows the speed limits in "kbps". When we start downloading note on the pop-up box the speed limits in kbps shows high value and then slowly gets decreased. This means when you start downloading the bucket gets filled and slowly it decreases and becomes stable to the specified limit in Kbps according to the configuration. Remember again as i told restore value is used to set the download speed, and the max value lets you set the size at which the files are to be slowed down from.

Improve Squid Caching

2006-04-08T09:05:00.000-07:00

1. Create separate partitions for /var/squid/0 and /var/squid/1
2. Edit /etc/squid/squid.conf and specify following settings in it:

cache_dir diskd /var/squid/0/cache0 1536 32 64
cache_dir diskd /var/squid/1/cache0 1536 32 64
cache_dir diskd /var/squid/0/cache1 1536 32 64
cache_dir diskd /var/squid/1/cache1 1536 32 64
cache_dir diskd /var/squid/0/cache2 1536 32 64
cache_dir diskd /var/squid/1/cache2 1536 32 64

3. Comment the following parameters:
cache_mem 8 MB

4. If possible make this two partitions reiserfs.

How to Compile gcc 3.4.4 on aix

2006-04-06T02:46:00.000-07:00

## Build environment
# make -v
GNU Make 3.80
# gcc -v
Reading specs from /usr/bin/../lib/gcc-lib/powerpc-ibm-aix5.2.0.0/2.9-aix51-020209/specs
gcc version 2.9-aix51-020209
# CONFIG_SHELL=/usr/local/bin/bash
# export CONFIG_SHELL
# /usr/local/src/gcc-3.4.2/gcc-3.4.2/config.guess
powerpc-ibm-aix5.2.0.0
# /usr/local/src/gcc-3.4.2/gcc-3.4.2/configure --enable-languages=c,c++ --enable-threads=aix --disable-nls
# date
Mon Oct 18 13:51:06 PDT 2004
# make -j 2
# date
Mon Oct 18 15:00:12 PDT 2004
## Note - this is a 2-processor system (IBM P15).
## I did the build twice, with and without -j 2 and saw no performance gain/loss.
## Results
# gcc -v
Reading specs from /usr/local/lib/gcc/powerpc-ibm-aix5.2.0.0/3.4.2/specs
Configured with: /usr/local/src/gcc-3.4.2/gcc-3.4.2/configure --enable-languages=c,c++ --enable-threads=aix --disable-nls
Thread model: aix
gcc version 3.4.2

How to Compile Linux 2.6 Kernel

2006-04-04T10:23:00.000-07:00

How To Compile Linux 2.6 Kernel on redhat 9/8

STEP 1:

Download the latest version of the kernel and any patches.
This documentation is done with linux-2.6.3, but look for
later versions.
Read More

http://www.kernel.org/pub/linux/kernel/v2.6/

Also take a look at
http://www.codemonkey.org.uk/post-halloween-2.5.txt This has
some useful hints on some of the changes needed.

STEP 2:

Download the latest version of module-init-tools
"module-init-tools-3.0.tar.gz" and
"modutils-2.4.21-23.src.rpm"

http://www.kernel.org/pub/linux/kernel/people/rusty/modules/module-init-tools-3.0.tar.gz
http://www.kernel.org/pub/linux/kernel/people/rusty/modules/modutils-2.4.21-23.src.rpm

STEP 3:

Install module-init-tools. This will replace depmod
[/sbin/depmod] and other tools.

tar -zxvf module-init-tools-3.0.tar.gz
cd module-init-tools-3.0
./configure --prefix=/sbin
make
make install
./generate-modprobe.conf /etc/modprobe.conf

STEP 4:

Install modutils-2.4.21-23.src.rpm. You may get warnings
about user rusty and group rusty not existing. Also, yes,
you'll have to force the install. If you don't do these steps
for both Redhat 9 and Redhat 8, you'll have problems with the
make modules_install.

rpm -i modutils-2.4.21-23.src.rpm
rpmbuild -bb /usr/src/redhat/SPECS/modutils.spec
rpm -Fi /usr/src/redhat/RPMS/i386/modutils-2.4.21-23.i386.rpm

STEP 5:

Install and configure the kernel. Do NOT use the /usr/src/linux
area! Reference the README. I put my files in /home/src/kernel/

gunzip linux-2.6.3.tar.gz tar -xvf linux-2.6.3.tar cd
linux-2.6.3

If you have patches install these now:

bzip2 -dc ../patch-2.6.xx.bz2 | patch -p1

STEP 6:

Copy the appropriate /usr/src/linux-2.4/configs
[kernel-2.4.20-i686.config, kernel-2.4.20-i686-smp.config]
to .config in whatever directory you are installing. In my
case it's /home/src/kernel/linux-2.6.3

cp /usr/src/linux-2.4/configs/kernel-2.4.20-i686.config /home/src/kernel/linux-2.6.3/.config

If you don't have the source configs, you can download them
from here:

https://sourceforge.net/project/showfiles.php?group_id=79320&package_id=109944

I've also included a file config2.6-chirico which was a 2.6
version for some of my systems. This isn't a bad reference if
you run into trouble.

STEP 7:

Assuming you copied the appropriate kernel-2.4 config to
.config, run the following which will run through necessary
questions for the 2.6 kernel. Or, you might want to use the
config2.6-chirico...this has already been run through make
oldconfig on my system, and I've answered the necessary questions
for a general system.

make oldconfig

STEP 8:

This is very important. Make sure you're .config has the
following in it CONFIG_EXT3_FS=y You'll run into the following
error if you leave this =m instead of =y:

pivotroot: pivot_root(/sysroot,/sysroot/initrd) failed

This is because Redhat 9.0 and 8.0 use the ext3 filesystem
for /boot ...

STEP 9:

Edit the Makefile and add changes to the Extraversion is needed.
Patches will update these values as well.

VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 3
EXTRAVERSION = -skim-ch6

STEP 10:

make bzImage

STEP 11:

make modules

STEP 12:

make modules_install

STEP 13:

make install

If you come across errors here, what version of "depmod" is
being picked up in your path?

Also, if you get a module not found, say the following:
No module aic7xxx found for kernel 2.6.x
Then, in /lib/modules/2.6.x/kernel/drivers/scsi/aic7xxx/
cp aic7xxx.ko aic7xxx.o

insmod should look for aic7xxx.ko ;but , it looks for aic7xxx.o

If you still have trouble, make the following change in the
.config
CONFIG_BLK_DEV_SD=y
and go back to STEP 10.

You also may want to ref
kernel-2.6.3-i686-smp-chirico-aic7xxx.config
in
http://prdownloads.sourceforge.net/souptonuts/configs-0.3.tar.gz?download

STEP 14:

mkdir /sys

STEP 15:

/etc/rc.sysinit needs to be modified. Look for the following
line:

action $"Mounting proc filesystem: " mount -n -t proc /proc /proc

and after this line enter the following:

action $"Mounting sysfs filesystem: " mount -t sysfs none /sys

Here's my /etc/rc.sysinit for reference:

http://prdownloads.sourceforge.net/souptonuts/rc.sysinit.txt?download

Be very careful at this step. Backup the /etc/rc.sysinit file.

Thomer [http://thomer.com/linux/migrate-to-2.6.html ] also added
changes to /etc/fstab. I only had to do STEP 16 below.

STEP 16:

Add the following to /etc/fstab for usb support.

/proc/bus/usb /proc/bus/usb usbdevfs defaults 0 0

STEP 17 (CHECKING EVERYTHING):

Check the following:

a. The new image file should be installed on boot and there
should be sym link to it. My latest kernel is 2.6.3-skim-ch6,
and I got the "-skim-ch6" from the values I put in the Makefile,
so I see the following:

/boot
vmlinuz -> vmlinuz-2.6.3-skim-ch6
System.map -> System.map-2.6.3-skim-ch6

/boot/grub/grub.conf Should have been automatically
updated from make.

In /boot/grub/grub.conf change "default=0" to boot
with the new kernel. Here's an example of my
grub.conf:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to
# root (hd0,2)
# kernel /vmlinuz-version ro root=/dev/hda6
# initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,2)/grub/splash.xpm.gz
title Red Hat Linux (2.6.3-skim-ch6)
root (hd0,2)
kernel /vmlinuz-2.6.3-skim-ch6 ro root=LABEL=/
initrd /initrd-2.6.3-skim-ch6.img

b. The directory /sys exists

c. You added the mount command for sys in /etc/rc.sysinit

d. CONFIG_EXT3_FS=y was used in the .config

e. Run /sbin/lsmod or cat /proc/modules to make
sure a 2.4 kernel module wasn't forgotten. Also
look at "$cat /proc/iomem"

STEP 18 (DEVELOP YOUR OWN 2.6 MODULES):

You're done with the 2.6 build. So learn how to develop
2.6 kernel modules. First, checkout the following article

http://lwn.net/Articles/driver-porting/

Then, take a look at the following sample code, which shows how
to create /proc entries for communicating with the kernel and writing
out to any available tty device.

http://prdownloads.sourceforge.net/souptonuts/procreadwrite.0.0.1a.tar.gz?download

REFERENCES:

http://www.codemonkey.org.uk/post-halloween-2.5.txt
http://kerneltrap.org/node/view/799
http://thomer.com/linux/migrate-to-2.6.html
http://www.kernel.org/

http://bugzilla.kernel.org/
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&group=linux.kernel
http://linuxdevices.com/articles/AT3855888078.html

http://prdownloads.sourceforge.net/souptonuts/README_26.txt?download
http://prdownloads.sourceforge.net/souptonuts/rc.sysinit.txt?download
http://prdownloads.sourceforge.net/souptonuts/configs-0.3.tar.gz?download
https://sourceforge.net/forum/forum.php?forum_id=353715

http://www.redhat.com/software/rhel/kernel26/
http://www.tldp.org/HOWTO/KernelAnalysis-HOWTO.html
http://www-124.ibm.com/linux/projects/?topic_id=2

KERNEL DRIVER DEVELOPMENT IN 2.6:

Excellent (series of articles):
http://lwn.net/Articles/driver-porting/

Here's my sample program:
http://prdownloads.sourceforge.net/cpearls/procreadwrite.0.0.1a.tar.gz?download

Good but dated for 2.4 kernel:
http://www.oreilly.com/catalog/linuxdrive2/

http://linuxdevices.com/articles/AT4389927951.html
http://linuxdevices.com/articles/AT5793467888.html

How to Compile 2.6 kernel for RedHat 9/8

How to Compile 2.6 kernel for RedHat 9/8
Mike Chirico
Last Updated: Wed Mar 24 09:12:06 EST 2004

The latest version of this document can be found at:
http://prdownloads.sourceforge.net/souptonuts/README_26.txt?download

For configs ref:
http://sourceforge.net/project/showfiles.php?group_id=79320&package_id=109944

How to Configure Infrared Device on Linux

2006-04-04T10:21:00.000-07:00

How to Configure Infrared Device on Linux

http://tldp.org/HOWTO/Infrared-HOWTO/index.html

2006-04-04T10:19:00.000-07:00

Configuring Linux

This is a basic article on how to configure Linux so that it will run your webserver, telnet, ftp, mysql etc. It is primarily focused for Fedora/RedHat releases but applies to almost all server based flavors.
Read More

Summary of Commands
Trying to Start:

Then try doing this:
httpd cd /etc/rc.d/init.d/
then type:
./httpd start
mysql cd /etc/rc.d/init.d/
then type:
./mysqld start
telnet Edit the file /etc/xinetd.d/telnetd
changing the two lines to:
# default: on
disabled = no
then try doing this
/etc/rc.d/init.d/xinetd restart
ftp
Edit the file /etc/xinetd.d/wu-ftpd
changing the two lines to:
# default: on
disabled = no
then run the command
/etc/rc.d/init.d/xinetd restart

Details of Configuring Linux
EDITORS NOTE: Some of the newest flavors of Linux have changed the locations of the configuration files. For this reason please note that most of these commands apply best to Fedora/Redhat. However, some configuration commands like the use of xinetd or running chkconfig are useful on almost all Linux/Unix systems.

First off, I should mention that this guide is best used when in front of your Linux computer, with an open xterm session. The exact commands come from RedHat 7.1+ related server, but apply to most Linux servers.

TIP 1. When you need to find a particular file/directory then use the 'locate' command (on Fedora slocate works well too) to find things on your server. Like, typing: locate xinetd

TIP 2. If you did not know this already, all of the web server html files for Fedora are placed under: /var/www/html

Step 1. Which Processes are Running On Your Server?
If you don't know, then you need to find out asap! Use the command:
/sbin/chkconfig --list

The output would look something like:
…
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
telnet: off
…

The above command will give you a long list of processes with info beside them like "off". Any process with the word "off" next to it can be assumed disabled by default during startup. You should look for your processes that are usually needed for running a webserver like httpd, telnet, wu-ftp, mysqld. All of these should be "on" by default.

Step 2. Get Processes Started
Starting up your webserver (httpd), mysql (mysqld), sendmail, etc. is easy so long as you follow the directions from the steps below.

For your webserver and mysql, you can enable these things right away for use during this session.

Change to the initialization (aka init) directory:
cd /etc/rc.d/init.d/

This directory (when listed) shows all processes you can start like httpd and mysqld. For now let's start our web server with the command:
./httpd start

You should then see:
Starting httpd: [ OK ]

Now enable your webserver (httpd) for ALL future STARTUPS!

1. Edit the config files as applied to the "rc" directory of your choice. Remember that all resource files activated at different run times are in different rc.d directories. For instance, when your server is loaded at runtime level 5 (usual) then all the resources under rc5.d are activated. Change directory to:
/etc/rc.d/rc5.d
Remember that the rc5.d is a resource directory (under /etc) for run level 5... etc.

You edit files in these directories to control what occurs at different run levels. Files with a prefix of K are NOT installed to run at startup. Files with S are ready to run at startup. Example names: K74ypserv or S14nfslock.

You can always use something like the command:
/sbin/chkconfig --add httpd
to add the web server to the future startups. However, I prefer doing my change manually.

2. You can manually force this by simply using a command like:
mv K15httpd S15httpd

Summary for those needing one... You now should have your webserver started and ready as default for all future starts with:
./httpd start
mv k15httpd s15httpd

Step 3. What About telnet and ftp?
Ok, you're smart enough to have noticed that following the steps above you can not get telnet or ftp started. That's because they are not part of the initd process, but rather the xinetd process. The xinetd process handles the startup of all of your network related protocols etc.

1st Start telnet first by changing directories to xinetd:
cd /etc/xinetd.d/

Next type ls to list all of the processes that can be configured. You'll notice for instance the file telnet.

2nd Edit the telnet file and change two lines:
# default: on
...
disabled = no

These lines are not adjacent, but usually the first and last lines of the configuration file (in our case telnet). You need to edit all configuration files that apply to things you're trying to start. Many processes come by default turned off and disabled = yes. You can edit files like telnet, wu-ftp, etc.

3rd Once you have edited and saved the files with the default on and disabled = no, you can force an automatic restart of the xinetd to load without rebooting:
/etc/rc.d/init.d/xinetd restart

Finally, you should see:
Stopping xinetd: [ OK ] Starting xinetd: [ OK ]

Believe it or not, following all of this you should now have running:
httpd (webserver)
telnet

Now check to see what processes you have running again by using:
/sbin/chkconfig –list
or use the long "process" ps command like: ps -e | grep http.

You can use these same steps above to get mysql and ftp running. Replace httpd with mysql, and telnet with wu-ftpd. Always remember there is a difference between configuration and startup files under initd and xinetd.

Hopes this helps you get going! Special thanks to John for his inspiration and to Tom for catching a typo that could have mislead readers!

Beginers Area Launched

2006-04-03T19:55:00.000-07:00

Well a good News for Beginers I have launched a Beginers Area So Its Just the Place for u if u are a NewBie It will Feature everything Which Suits for Beginers Hope you will like it http://www.beginlinux.blogspot.com

Oracle 10g

2006-04-03T11:21:00.000-07:00

======
RHEL4
======
Oracle Database 10g Release 2 is certified to run the base release of
RHEL4 (Advanced Server and Enterprise Server) without updates. (Free
evaluation copies of RHEL4 are available for download.) If you have update
CDs, you can use the boot CD from the update instead of the boot CD
from the base release to automatically apply all updates during the
installation. All updates from Red Hat are supported by Oracle.
Read More

The easiest and fastest way to apply the updates for a fresh install of
Linux is to perform the install by using the update CDs. If Linux is
already installed or you don't have the updates on CDs, they can be
applied through RHN. Because this guide is designed for a fresh Linux
install, you'll use the update CDs.

1. Boot the server using the first CD.
* You may need to change your BIOS settings to allow booting
from the CD.
2. The boot screen appears with the boot: prompt at the bottom of
the screen.
* Select Enter to continue with a graphical install on the
console. (For other installation methods and options, refer to the Red
Hat Installation Guide.)
* The installer scans your hardware, briefly displays the Red
Hat splash screen, and then begins a series of screen prompts.
3. Language Selection
* Accept the default.
4. Keyboard Configuration
* Accept the default.
5. Welcome Screen
* Click on Next.
6. Disk Partitioning Setup
* A thorough treatment of disk partitioning is beyond the
scope of this guide, which assumes that you are familiar with disk
partitioning methods.

(WARNING: Improperly partitioning a disk is one of the
surest and fastest ways to wipe out everything on your hard disk. If you
are unsure how to proceed, stop and get help, or you will risk losing
data!)

This guide uses the following partitioning scheme, with
ext3 for each filesystem:

The 9GB disk on the first controller (/dev/sda) will hold
all Linux and Oracle software and contains the following partitions:
- 100MB /boot partition
-1,500MB swap partition—Set this to at least twice the
amount of RAM in the system but to no more than 2GB. (Thirty-two-bit
systems do not support swap files larger than 2GB.) If you need more than 2GB
of swap space, create multiple swap partitions.
-7,150MB root partition—This partition will be used for
everything, including /usr, /tmp, /var, /opt, /home, and more. This
approach is purely to simplify installation for the purposes of this guide. A
more robust partitioning scheme would separate these directories onto
separate filesystems.
7. Boot Loader Configuration
* Accept the default.
8. Network Configuration
* It is usually best to configure database servers with a
static IP address. To do so, click on Edit .
* A pop-up window appears. Uncheck the Configure using DHCP
box, and enter the IP Address and Netmask for the server. Be sure that
Activate on boot is checked, and click on OK .
* In the Hostname box, select manually and enter the
hostname.
* In the Miscellaneous Settings box, enter the remaining
network settings.
9. Firewall Configuration
* For the purposes of this walk-through, no firewall is
configured. Select No firewall
* Select Disabled on the "Enable SELinux" drop down list.
* Click on Proceed when the "Warning - No Firewall" window
appears.
10. Additional Language Support
* Accept the default.
11. Time Zone Selection
* Choose the time settings that are appropriate for your
area. Setting the system clock to UTC is usually a good practice for
servers. To do so, click on System clock uses UTC.
12. Set Root Password
* Enter a password for root, and enter it again to confirm.
13. Package Installation Defaults
* Select Customize software packages to be installed.
14. Package Group Selection
* Select only the package sets shown here and leave all
others unselected.
* Desktop
o X Window System
o Gnome
* Applications
o Graphical Internet (optional)
* Servers
o Do not select anything in this group.
* Development
o Development Tools
* System
o Administration Tools
o System Tools
+ Add the package 'sysstat' by clicking on the
Details link and selecting "sysstat - The sar an iostat system monitoring
commands." from the Optional Packages list.
* Miscellaneous
o Do not select anything in this group.
* Click on Next to proceed.
15. Installing Packages
* Software will be copied to the hard disk and installed.
Change disks as prompted.
16. Congratulations
* Remove the installation media from the system, and click on
Reboot .
17. The system automatically reboots and presents a new welcome
screen.
* Click on Next.
18. License Agreement
* Read the license agreement. If you agree to the terms,
select Yes, I agree to the License Agreement and click on Next.
19. Date and Time
* Set the Date and Time.
* If you want to use an NTP server (recommended), select
Enable Network Time Protocol and enter the name of the NTP server.
20. Display
* Accept the defaults or change as required.
21. Red Hat Login
* Enter your Red Hat Network login and password or create a
new one.
22. System User
* Create an account for yourself.
* Do not create an account for oracle at this time. Creating
the oracle account is covered later in this section.
23. Additional CDs
* Click on Next.
24. Finish Setup
* Click on Next.
25. A graphical login screen appears.
26. Congratulations! Your RHEL4 software is now installed.

Verifying Your Installation

Required kernel version: 2.6.9-5.0.5.EL This kernel, or any of the
kernels supplied in updates, works with Oracle Database 10g Release 2 .

Check your kernel version by running the following command:

uname -r

Ex:
# uname -r
2.6.9-22.ELsmp

Once you've completed the steps above, all of the packages required for
Oracle Database 10g Release 2 will have been installed. Verify this
using the example below.
Required package versions (or later):

* binutils-2.15.92.0.2-10.EL4
* compat-db-4.1.25-9
* control-center-2.8.0-12
* gcc-3.4.3-9.EL4
* gcc-c++-3.4.3-9.EL4
* glibc-2.3.4-2
* glibc-common-2.3.4-2
* gnome-libs-1.4.1.2.90-44.1
* libstdc++-3.4.3-9.EL4
* libstdc++-devel-3.4.3-9.EL4
* make-3.80-5
* pdksh-5.2.14-30
* sysstat-5.0.5-1
* xscreensaver-4.18-5.rhel4.2
* libaio-0.3.96
* openmotif21-2.1.30-11.RHEL4.2 (Required only to install Oracle
demos. Installation of Oracle demos is not covered by this guide.)

To see which versions of these packages are installed on your system,
run the following command:

rpm -q binutils compat-db control-center gcc gcc-c++ glibc glibc-common
gnome-libs libstdc++ libstdc++-devel make pdksh sysstat xscreensaver
libaio openmotif21

Ex:
# rpm -q binutils compat-db control-center gcc gcc-c++ glibc
glibc-common > gnome-libs libstdc++ libstdc++-devel make pdksh sysstat xscreensaver
libaio openmotif21
binutils-2.15.92.0.2-15
compat-db-4.1.25-9
control-center-2.8.0-12.rhel4.2
gcc-3.4.4-2
gcc-c++-3.4.4-2
glibc-2.3.4-2.13
glibc-common-2.3.4-2.13
gnome-libs-1.4.1.2.90-44.1
libstdc++-3.4.4-2
libstdc++-devel-3.4.4-2
make-3.80-5
pdksh-5.2.14-30.3
sysstat-5.0.5-1
xscreensaver-4.18-5.rhel4.9
libaio-0.3.103-3
openmotif21-2.1.30-11.RHEL4.4

=====================================================================================
Part II: Configuring Linux for Oracle
=====================================================================================

Now that the Linux software is installed, you need to configure it for
Oracle. This section walks through the steps required to configure
Linux for Oracle Database 10g Release 2.

Verifying System Requirements

To verify that your system meets the minimum requirements for an Oracle
Database 10g Release 2 database, log in as root and run the commands
below.
To check the amount of RAM and swap space available, run this:

grep MemTotal /proc/meminfo
grep SwapTotal /proc/meminfo

Ex:
# grep MemTotal /proc/meminfo
MemTotal: 1034680 kB
# grep SwapTotal /proc/meminfo
SwapTotal: 1534196 kB

The minimum RAM required is 1024MB, and the minimum required swap space
is 1GB. Swap space should be twice the amount of RAM for systems with
2GB of RAM or less and between one and two times the amount of RAM for
systems with more than 2GB.

You also need 2.5GB of available disk space for the Oracle Database 10g
Release 2 software and another 1.2GB for the database. The /tmp
directory needs at least 400MB of free space. To check the available disk
space on your system, run the following command:

df -h

Ex:
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.8G 1.3G 5.2G 20% /
/dev/sda1 99M 17M 77M 18% /boot

The example shows that the /tmp directory does not have its own
filesystem. (It's part of the root filesystem for this guide.) With 5.2 GB
available, the root filesystem has just enough space for the installation
(2.5 + 1.2 + 0.4 = 4.1GB) with a little room left over.

Create the Oracle Groups and User Account

Next, create the Linux groups and user account that will be used to
install and maintain the Oracle Database 10g Release 2 software. The user
account will be called oracle, and the groups will be oinstall and dba.
Execute the following commands as root:

/usr/sbin/groupadd oinstall
/usr/sbin/groupadd dba
/usr/sbin/useradd -m -g oinstall -G dba oracle
id oracle

Ex:
# /usr/sbin/groupadd oinstall
# /usr/sbin/groupadd dba
# /usr/sbin/useradd -m -g oinstall -G dba oracle
# id oracle
uid=501(oracle) gid=502(oinstall) groups=502(oinstall),503(dba)

Set the password on the oracle account:

passwd oracle

Ex:
# passwd oracle
Changing password for user oracle.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Create Directories

Now create directories to store the Oracle Database 10g Release 2
software and the database files. This guide adheres to the Optimal Flexible
Architecture (OFA) for the naming conventions used in creating the
directory structure. For more information on OFA standards, see Appendix C
of the Oracle Database Installation Guide 10g Release 2 (10.2) for
Linux x86.

The following assumes that the directories are being created in the
root filesystem. This is done for the sake of simplicity and is not
recommended as a general practice. These directories would normally be
created as separate filesystems.

Issue the following commands as root:

mkdir -p /u01/app/oracle
chown -R oracle:oinstall /u01/app/oracle
chmod -R 775 /u01/app/oracle

Ex:
# mkdir -p /u01/app/oracle
# chown -R oracle:oinstall /u01/app/oracle
# chmod -R 775 /u01/app/oracle

Configuring the Linux Kernel Parameters

The Linux kernel is a wonderful thing. Unlike most other *NIX systems,
Linux allows modification of most kernel parameters while the system is
up and running. There's no need to reboot the system after making
kernel parameter changes. Oracle Database 10g Release 2 requires the kernel
parameter settings shown below. The values given are minimums, so if
your system uses a larger value, don't change it.

kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=262144
net.core.wmem_max=262144

If you're following along and have just installed Linux, the kernel
parameters will all be at their default values and you can just cut and
paste the following commands while logged in as root.

cat >> /etc/sysctl.conf <kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=262144
net.core.wmem_max=262144
EOF
/sbin/sysctl -p

Ex:
# cat >> /etc/sysctl.conf <> kernel.shmall = 2097152
> kernel.shmmax = 536870912
> kernel.shmmni = 4096
> kernel.sem = 250 32000 100 128
> fs.file-max = 65536
> net.ipv4.ip_local_port_range = 1024 65000
> EOF
# /sbin/sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_max = 262144

Run the following commands as root to verify your settings:

/sbin/sysctl -a | grep shm
/sbin/sysctl -a | grep sem
/sbin/sysctl -a | grep file-max
/sbin/sysctl -a | grep ip_local_port_range
/sbin/sysctl -a | grep rmem_default
/sbin/sysctl -a | grep rmem_max
/sbin/sysctl -a | grep wmem_default
/sbin/sysctl -a | grep wmem_max

Ex:
# /sbin/sysctl -a | grep shm
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shm-use-bigpages = 0
# /sbin/sysctl -a | grep sem
kernel.sem = 250 32000 100 128
# /sbin/sysctl -a | grep file-max
fs.file-max = 65536
# /sbin/sysctl -a | grep ip_local_port_range
net.ipv4.ip_local_port_range = 1024 65000
# /sbin/sysctl -a | grep rmem_default
net.core.rmem_default = 262144
# /sbin/sysctl -a | grep rmem_max
net.core.rmem_max = 262144
# /sbin/sysctl -a | grep wmem_default
net.core.wmem_default = 262144
# /sbin/sysctl -a | grep wmem_max
net.core.wmem_max = 262144

For Novell SUSE Linux releases, use the following to ensure that the
system reads the /etc/sysctl.conf file at boot time:

/sbin/chkconfig boot.sysctl on

Setting Shell Limits for the oracle User

Oracle recommends setting limits on the number of processes and open
files each Linux account may use. To make these changes, cut and paste
the following commands as root:

cat >> /etc/security/limits.conf <oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
EOF

cat >> /etc/pam.d/login <session required /lib/security/pam_limits.so
EOF

For RHEL4, use the following:

cat >> /etc/profile <if [ \$USER = "oracle" ]; then
if [ \$SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
umask 022
fi
EOF

cat >> /etc/csh.login <if ( \$USER == "oracle" ) then
limit maxproc 16384
limit descriptors 65536
umask 022
endif
EOF

For SLES 9, use the following:

cat >> /etc/profile.local <if [ \$USER = "oracle" ]; then
if [ \$SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
umask 022
fi
EOF

cat >> /etc/csh.login.local <if ( \$USER == "oracle" ) then
limit maxproc 16384
limit descriptors 65536
umask 022
endif
EOF

=====================================================================================
Part III: Installing Oracle
=====================================================================================

Oracle Database 10g Release 2 can be downloaded from OTN. Oracle offers
a development and testing license free of charge. However, no support
is provided and the license does not permit production use. A full
description of the license agreement is available on OTN.

The easiest way to make the Oracle Database 10g Release 2 distribution
media available on your server is to download them directly to the
server.

Use the graphical login to log in as oracle.

Create a directory to contain the Oracle Database 10g Release 2
distribution:

mkdir 10gR2_db

To download Oracle Database 10g Release 2 from OTN, point your browser
(Firefox works well) to
http://www.oracle.com/technology/software/products/database/oracle10g/htdocs/10201linuxsoft.html.
Fill out the Eligibility Export Restrictions page, and read the OTN
License agreement. If you agree with the restrictions and the license
agreement, click on I Accept.

Click on the 10201_database_linux32.zip link, and save the file in the
directory you created for this purpose (10gR2_db)—if you have not
already logged in to OTN, you may be prompted to do so at this point.

Unzip and extract the file:

cd 10gR2_db
unzip 10201_database_linux32.zip

Install the Software and Create a Database

Log in using the oracle account.
Change directory to the location where you extracted the Oracle
Database 10g Release 2 software.

Ex:
$ cd $HOME/10gR2_db

Change directory to Disk1.

Ex:
$ cd database

Start the Oracle Universal Installer.

$ ./runInstaller

1. Select Installation Method
* Select Basic Installation
* Oracle Home Location: /u01/app/oracle/product/10.2.0/db_1
* Installation Type: Enterprise Edition (1.3GB)
* UNIX DBA Group: oinstall
* Make sure Create Starter Database is checked
* Global Database Name: demo1
* Enter the Database Password and Confirm Password
* Click on Next
2. Specify Inventory Directory and Credentials
* Inventory Directory: /u01/app/oracle/oraInventory
* Operating System group name: oinstall
* Click on Next
3. Product-specific Prerequisite Checks
* If you've been following the steps in this guide, all the
checks should pass without difficulty. If one or more checks fail,
correct the problem before proceeding.
* Click on Next
4. Summary
* A summary of the products being installed is presented.
* Click on Install.
5. Configuration Assistants
* The Oracle Net, Oracle Database, and iSQL*Plus
configuration assistants will run automatically
6. Execute Configuration Scripts
* At the end of the installation, a pop up window will appear
indicating scripts that need to be run as root. Login as root and run
the indicated scripts.
* Click on OK when finished.
7. End of Installation
* Make note of the URLs presented in the summary, and click
on Exit when ready.
8. Congratulations! Your new Oracle Database 10g Release 2 database
is up and ready for use.

How to get the LANn card's speed on linux

2006-04-03T11:14:00.001-07:00

For logging on to the net or for attaching as a node on a LAN, your computer needs a network card. The network card forms the interface between your computer and the network.Read More

There are different kinds of network cards available in the market depending on its speed and other features. Here is a tip to find out the characteristics of your network card.

If you want to find what type of network card is used, its speed, on which IRQ it is listed, and the chip type used, you use the following command :

# dmesg |grep eth0

Here eth0 is the first network card. If you have additional cards, it will be named eth1, eth2 and so on. And here is the output of the above command :

divert: allocating divert_blk for eth0
eth0: RealTek RTL8139 at 0xd800, 00:80:48:34:c2:84, IRQ 9
eth0: Identified 8139 chip type 'RTL-8100B/8139D'
divert: freeing divert_blk for eth0
divert: allocating divert_blk for eth0
eth0: RealTek RTL8139 at 0xd800, 00:90:44:34:a5:33, IRQ 9
eth0: Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x41E1
eth0: no IPv6 routers present
...

The important things to note here are those highlighted in colour. As you can see from the above listing, my ethernet card is a RealTek RTL8139 chipset based card on IRQ 9 (Interrupt Request). Its speed is 100 Mbps and is a full-duplex card. And the link is up.

As is the philosophy of Linux, there is more than one way of finding the same information. Linux also comes with a cute sounding tool called mii-tool which can also be used to get the same information about your network card.

# mii-tool -v eth0

eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD
...

Here -v is verbose mode. From the above listed output, one can see that the ethernet card is working as a 100baseTX, FD (Full Duplex) card which can work in the following modes :

* 100 Mbps Speed (Full duplex or half duplex ) or
* 10 Mbps speed (Full duplex or half duplex).

And it uses autonegotiation to bring up the link. You can call the above device as a 10/100 NIC.
Another tool which also does the same thing is ethtool. Try the following command on your machine to see the output.

# ethtool eth0

Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: MII
PHYAD: 32
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbg
Wake-on: p
Current message level: 0x00000007 (7)
Link detected: yes

Here full duplex, half duplex and auto-negotiation have the following meanings.
Full Duplex - Logic that enables concurrent sending and receiving. This is usually desirable and enabled when your computer is connected to a switch.

Half Duplex - This logic requires a card to only send or receive at a single point of time. When your machine is connected to a Hub, it auto-negotiates itself and uses half duplex to avoid collisions.

Auto-negotiation - This is the process of deciding whether to work in full duplex mode or half duplex mode. An ethernet card supporting autonegotiation will decide for itself which mode is the optimal one depending on the network it is attached to.

2006-04-03T11:14:00.000-07:00

For logging on to the net or for attaching as a node on a LAN, your computer needs a network card. The network card forms the interface between your computer and the network.Read More