General Admin - the Tao of Linux/Unix administration [ edit ]
2015-08-31 updated, rickatech

Basic install

• Do a minimal OS install
• Use RCS! You will never be able to keep tabs on the really relevant adjustments if you don't snapshot configuration files before you change them.  Ansible, puppet, and other configuration tools are great for remote system management, but they often can't easily show history of a critical configuration file.  Whereas RCS is simple to enable and works even when network is broken.
• Keep notes about system state in /root, and use RCS to provide a change trail
  general notes
    - section for what to check after a reboot
    - section with dated log for non-trivial server upgrades
  chkconfig --list (for legacy system v) and systemctl list-unit-files for (systemd)
  crontab -l
  rpm -qa
  ... and other system wide state
• Do create a crontab that dumps df -lh and ls -lh /var/spool/mail to a mail address you monitor regularly.
• View/purge root mail before it's mail spool gets bigger than a few MBytes. It is better to have a small root mail spool that can be easily opened and read than to have a gianormous one that may be difficult to open when system is under stress.

Extra steps for virtualized setups

• Disable network header offloading.  Most virtual machines use para-virtual interfaces, and for some reason such interfaces still default to attmpting to have hardware header processing enabled.  This can silently increase CPU load, corrupt packets, and add extra weirdness to network connections - so just turn it off. 

# cat net.sh

  # does this need network restart afterward?
  ethtool -K ens192 gso off; ethtool -K ens192 tso off; ethtool -K ens192 lro off; ethtool -K ens192 gro off;
  ethtool -k ens192

dnf
2024-09 updated, rickatech

dnf is the successor package management updater as of around 2020 for Fedora, RHEL, and CentOS since for some reason venerable yum was allegedly unfixable.

It is not uncommon for dnf commands to use a lot of memory.  Combine that with cloud servers are often configured without a memory swapfile to save cost.  An unfortunate result is dnf commands are killed due to insufficient memory.  Turns out it can be rather easy to enable swapfile to extend usable memory on the fly, after which dnf commands run to completion - system updates and all can resume.

# dnf provides ip

  Killed

$ swapon --show

$ free -h

$ df -lh

$ free -m

$  cat /proc/swaps

$ cat /ect/fstab

$ ls -lh /

$ fallocate -l 1G /swapfile

$ ls -lh /

$ df -lh

$ chmod 0600 /swapfile

$ mkswap /swapfile

$ swapon /swapfile

$ free

$ dnf provides ip

  [ runs fine ]

# swapoff -a

  [ tells kernel to purge swap ]

# free

  [ check until Swap: used 0 ]

# swapon -a

  [ to re-enable swap, check with free that it is enabled,
    may need to swapon /swapfile
    or remove the swap file to reclaim storage ] 

git

The Über alternative to version control and configuration management.  As of RHEL / Centos 6 this seems to be included in standard release packages.

systemd  

As of 2014, many system administrator are experiencing adventures introduced by the wide adopting of systemd across most popular Linux distributions.  For the most part functionality is the same, but many common commands have migrated to systemd equivalents.  Following is shell session excerpt from RHEL/CentOS 7 basic Apache setup leveraging systemd style commands.

# rpm -qa | grep httpd

  httpd-2.4.6-19.el7.centos.x86_64

# /etc/httpd/mkdir vhosts-enabled

# /etc/httpd/mkdir vhosts-disabled

# ls -lh /etc/httpd/vhosts-enabled/

  -rw-r--r-- 1 root root 1.2K Feb  8 13:39 foo.bar.org.conf

# rcsdiff /etc/httpd/conf/httpd.conf 

  > 
  > # vhost configs
  > IncludeOptional vhosts-enabled/*.conf

# cat vhosts-enabled/foo.bar.org.conf 

  <Directory "/public/foobar/site">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
  </Directory>

  <VirtualHost *:80>
    ServerName foo.bar.org
    DocumentRoot /public/foobar/site
    ErrorLog  /var/log/httpd/foo.bar.org/error.log
    CustomLog /var/log/httpd/foo.bar.org/requests.log combined 
  </VirtualHost>

# cat /public/foobar/site/index.html 

  test

# systemctl restart httpd

# systemctl status httpd.service

# tail -f /var/log/httpd/foo.bar.org/error.log 

# tail -f /var/log/httpd/foo.bar.org/requests.log 

# systemctl list-unit-files --type=service 

Text Editing - Use vi / vim!

Case-insensitive searching in vi is enabled thusly:
in command mode type :set ignorecase or :set ic and to revert back type :set noignorecase or :set noic. Also, consider putting set ignorecase into your vi configuration file.

File Access Control List (ACL)
2020-09 rickatech

Notice the + sign, that means an acl has been specified, and that your file system has acl enabled.  Typical distros come preconfigured with acl enable, but in some cases a package may need to be installed first.

$ ls -lh 

  -rw-rw-r--  1 will   webapp 872 Mar 19  2020 notes.txt
  drwxrwsr-x+ 6 will   webapp  93 Sep 27 05:56 Organizations
  drwxr-sr-x  3 apache webapp  21 Sep  5 09:13 Organizations.Rick LLC
  drwxrwsr-x  5 will   webapp  62 Sep 18 22:25 Projects
  drwxrwsr-x  2 will   webapp  66 Apr 25 05:22 uploads
  drwxrwsr-x  2 apache webapp   6 Aug  3 07:27 Users

$ getfacl Organizations

  # file: Organizations
  # owner: will
  # group: webapp
  # flags: -s-
  user::rwx
  group::rwx
  other::r-x
  default:user::rwx
  default:group::rwx
  default:mask::rwx
  default:other::r-x 

The -m -x -d -k flags for setfacl are particular useful, as is getfacl.

Ansible
2017-02 rickatech

Ansible is an open source remote system management toolset, recently acquired by commercial Linux vendors RedHat.  It allows reasonably low effort remote server administration .  Beginning users are encouraged to leave remote systems root login open to more easily get things working, with the caveat that many consider that a poor security best practice.

# yum install ansible

  ...

# ansible --version

  ansible 2.2.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides 

# mkdir ansible; cd ansible; ssh-keygen -f ansible_rsa

  Generating public/private rsa key pair ...

  [ using -f overrides default key name,
    forcing more specific key parameters below ]

# ls; cd ..

  ansible_rsa
  ansible_rsa.pub

# ssh-copy-id -i ansible/ansible_rsa.pub c7x2ip76.local.zaptech.org

  Are you sure you want to continue connecting (yes/no)? yes
  Number of key(s) added: 1

# ssh c7x2ip76.local.zaptech.org -i ansible/ansible_rsa

  [ test remote key installed okay ]

# rcsdiff /etc/ansible/hosts

  44a45,47
  > [ ip76 ]
  > 10.10.10.76

# ansible -m ping 'ip76' --ssh-extra-args="-i  ansible/ansible_rsa"

  10.10.10.76 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
  }  

GRUB

# chroot /mnt/sysimage
# /sbin/grub-install /dev/hda

Making a CD

Recently kernel and accoiated boot files are now too big to fit on a floppy! How do you create an emergency boot media then?

# uname -a
Linux linuxdv2 2.4.22-1.2114.nptlsmp #1 SMP ...
# mkbootdisk --device /root/boot.iso 2.4.22-1.2115.nptlsmp -v --iso
 ...

Now use a CD burning package create bootable CD from iso file

LILO

Most computers decide how to boot by looking at a magic spot on the default hard drive. This magic spot is excluded from hard partiiotning and file system formatting. This magic spot is called the MBR (Master Boot Record).

lilois a Linux tool for writing boot instructions to the MBR. There are other tools by Microsoft and alternatives to lilo for Linux for writing to the MBR, but they essentially do nothing more than what lilo does (more about that later). As of this writing the latest lilo handles modern BIOS's that can see past 8 GBytes (see Hard Disks and Linux for more about this). If you happen to be using an older lilo, you will need to make sure any bootable partitions start below the 8 GByte threshold.

Since the MBR is read every time a system boots, you only need to run lilo if you want to change how a system boots. Before you run lilo you need to make sure a valid /etc/lilo.conf exists.

Basic /etc/lilo.conf boot=/dev/hda map=/boot/map install=/boot/boot.b prompt timeout=50 message=/boot/message lba32 default=linux image=/boot/vmlinuz-2.4.2-2 label=linux read-only root=/dev/hda2 other=/dev/hda1 optional label=dos

Funky /etc/lilo.conf boot=/dev/fd0 map=/boot/map install=/boot/boot.b #prompt #timeout=50 #message=/boot/message lba32 default=linux image=/boot/vmlinuz-2.4.2-2 label=linux vga=835 # vga=835 24 bit (e.g. Compaq Presario 1800T) # vga-834 16 bit read-only root=/dev/hda2 other=/dev/hda1 optional label=dos

The Basic listing above will prepare lilo to overwrite the MBR on /dev/hda (the first IDE hard drive) with the specified boot instructions. To run lilo you need to be root. Warning - running lilo will overwrite any existing booting instructions in the MBR (more on how to restore altnative boot loaders later). If you are ready to give it a go ...

# /sbin/lilo
Added linux *
Added dos

Bang! You you just overwrote the MBR /dev/hda. If you reboot (and no floppy, cdrom, or other device is bootable) you will see your new boot sequence execute.

The Funky listing above disables the pause and prompt before launching the OS after boot. The vga=835 will boot with the console in framebuffer mode - which looks like a super wide and tall console (like you would see on a Sun or high end Unix box). The boot=/dev/fd0 is for making a boot floppy - sort of.

Making a Boot Floppy

Using the Funky /etc/lilo.conf listed above and running /sbin/lilo is a no frills ways to make a boot floppy. Warning, floppy disks don't have a magic MBR area, they just use the raw data area for boot instructions. This means that lilo will obliterate any file system on the floppy, but now the floppy can be used to boot the system (which is handy if the MBR on the hard disk gets wacked).

Some distros have a mkbootdisk command. This is probably a better way to create a boot floppy. This will add an actual kernel to the floppy and some other neat stuff.

# uname -a
Linux localhost.localdomain 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
# mkbootdisk 2.4.2-2 /dev/fd0

Neat Floppy Boot Tricks

Microsoft Boot Loaders

Windows NT and more recently Windows 2000 have their own MBR boot tools. When these OS's install, they overwrite the MBR with their own boot instructions. If you want to to enable their boot loader to offer an option for boot to your Linux partition you need to

1. Make a boot floppy with lilo (see Funky /etc/lilo.conf above)
2. Extract the boot instructions from the first part of the floppy raw data area into a file

   # dd if=/dev/fd0 of=bootsect.red bs=512 count=1

3. Copy that file to the Windows main boot partition,
4. Add an entry to BOOT.INI that points to this file with a label that its for launching Linux.

   [boot loader]
   timeout=30
   default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
   [operating systems]
   multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Advanced Server" /fastdetect
   C:\bootsect.red="RedHat Linux: hda2"

5. After a boot, can peek at what boot arguments were used

   $ cat /proc/cmdline

The reason a floppy was used above was so the MBR on the primary boot hardisk isn't disturbed. If you don't mind overwriting the MBR, you could have LILO use /dev/hda instead of /dev/fd0 . But since you are trying to get the NT boot loader to launch Linux, overwriting the MBR would mean you would have to reinstall the NT boot loader. Messy, but if you have a flakey floppy disk or other reason it is possible.

More ...
Linux & NT/W2000
Linux & Windows 9X

Hard Disks and Linux

# fdisk -l

  Disk /dev/sda: 18.2 GB, 18210036736 bytes
  255 heads, 63 sectors/track, 2213 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sda1   *           1          33      265041   83  Linux
  /dev/sda2              34          98      522112+  82  Linux swap / Solaris
  /dev/sda3              99        2213    16988737+  83  Linux

  Disk /dev/sdb: 36.4 GB, 36420075008 bytes
  255 heads, 63 sectors/track, 4427 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sdb1               1        4427    35559846   8e  Linux LVM

  Disk /dev/sdc: 36.4 GB, 36420075008 bytes
  255 heads, 63 sectors/track, 4427 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sdc1               1        4427    35559846   8e  Linux LVM

  Disk /dev/sdd: 36.4 GB, 36420075008 bytes
  255 heads, 63 sectors/track, 4427 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sdd1               1        4427    35559846   8e  Linux LVM

  Disk /dev/sde: 123.5 GB, 123522417152 bytes
  255 heads, 63 sectors/track, 15017 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sde1   *           1       15017   120624021    7  HPFS/NTFS

# df -ha

  Filesystem            Size  Used Avail Use% Mounted on
  /dev/sda3              16G  1.7G   14G  11% /
  /dev/proc                0     0     0   -  /proc
  /dev/sys                 0     0     0   -  /sys
  /dev/devpts              0     0     0   -  /dev/pts
  /dev/sda1             251M  9.5M  229M   4% /boot
  /dev/shm              252M     0  252M   0% /dev/shm
  /dev/mapper/vg1-lvpublic
                         99G   74G   20G  79% /public
  none                     0     0     0   -  /proc/sys/fs/binfmt_misc
  sunrpc                   0     0     0   -  /var/lib/nfs/rpc_pipefs
  automount(pid1733)       0     0     0   -  /net
  nfsd                     0     0     0   -  /proc/fs/nfsd
  /public/new/hagrid_root.iso
                        7.9G  3.1G  4.4G  42% /mnt/h0

Beware that fdisk may show conflicting disk size information. The following fdisk reports 500.1 GBytes, but actually holds only 465.7 GBytes = 500107862016 / 1024G / 1024M /1024K .

# fdisk -l

  Disk /dev/sda: 500.1 GB, 500107862016 bytes
  255 heads, 63 sectors/track, 60801 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes

     Device Boot      Start         End      Blocks   Id  System
  /dev/sda1   *           1       60801   488384001    c  W95 FAT32 (LBA)

With fdisk you can use the P command to show a partition summary. Use D to delete a partition, and N to create one. Use T to respecify partition type.

You might notice that the first partition is named something like hda1 (for first IDE drive). You can have four partitions per disk. In an extended partition you can create logical partitions. The first logical partition will be something like hda5 (for first IDE drive). The /dev directory on root shows all the poosible names for devices and their partitions.

Drives formatted on Sparc systems and/or formatted natively under Solaris use a peculiar partioning scheme. In some cases it may be necessary to obliterate the partition table using badblock write mode option before partitioning it with fdisk. Symptoms of this are inexplicable mkfs errors.

Hard Disk Formatting

Use mkfs thusly ...

mkfs -t [file system] /dev/[partition]

ext2 is the file system used most with Linux. msdos and other alternative formats can be specified fi you like.

Whoa! Huge Disks and Linux

Command (m for help): p

Disk /dev/hda: 247 heads, 228 sectors, 22505 cylinders
Units = cylinders of 56316 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hda1             1       452  12714880+   5  Extended
Partition 1 does not end on cylinder boundary:
     phys=(1023, 15, 63) should be (1023, 246, 228)
/dev/hda5             1       452  12714849   83  Linux

Note: there appears to be a limitation in most distributions such that the root partition must be within the first 8 GBytes.

The Art of Disk Mounting

Here's an example of a command to mount an IDE partition ...

mount -t ext2 /dev/hdb2 /mnt/secoundIDEpartition2

The directory /mnt/secoundIDEpartition2 needs to be created before the mount command is given. The same partition can be unmounted thusly ...

umount /dev/hdb2

To have partitions mounted during bootup edit /etc/fstab. Here's a sample fstab file I edited ...

/dev/sda1       /               ext2    defaults        1 1
/dev/sda2       swap            swap    defaults        0 0
/dev/fd0        /mnt/floppy     ext2    noauto          0 0
/dev/cdrom      /mnt/cdrom      iso9660 noauto,ro       0 0
none            /proc           proc    defaults        0 0
/dev/hda1       /mnt/tempdisk   ext2    defaults        1 2

Note the 1 2 flags on /dev/hda1 . Its a good idea to peruse man fstab before adding entries to this file. For the most part find a line similar to what you want, copy it, and tweak for you purpose.

Miscellanious Mount Hints

mount -t vfat /partition/xp_share /mount_point

File System/Partition Checking

Generally file system integrity is checked automatically. However, for additional disk partitions you have created and for other reasons you may wish to know how to do this. Use fsck /dev/[partition] . Note, it is dangerous to fsck a partition that is mounted. If possible, unmount it first before fsck'ing it.

 

# tune2fs -l /dev/sda1
  tune2fs 1.35 (28-Feb-2004)
  Filesystem volume name:   /boot
  Last mounted on:          
  Filesystem UUID:          05509a4a-7ba5-4412-a61b-31a09b7257dc
  Filesystem magic number:  0xEF53
  Filesystem revision #:    1 (dynamic)
  Filesystem features:      ext_attr resize_inode filetype sparse_super
  Default mount options:    (none)
  Filesystem state:         not clean
  Errors behavior:          Continue
  Filesystem OS type:       Linux
  Inode count:              66264
  Block count:              265040
  Reserved block count:     13252
  Free blocks:              249058
  Free inodes:              66226
  First block:              1
  Block size:               1024
  Fragment size:            1024
  Blocks per group:         8192
  Fragments per group:      8192
  Inodes per group:         2008
  Inode blocks per group:   251
  Filesystem created:       Thu Apr 27 17:48:41 2006
  Last mount time:          Wed May  3 16:32:18 2006
  Last write time:          Wed May  3 16:32:18 2006
  Mount count:              2
  Maximum mount count:      25
  Last checked:             Wed May  3 11:51:55 2006
  Check interval:           15552000 (6 months)
  Next check after:         Mon Oct 30 10:51:55 2006
  Reserved blocks uid:      0 (user root)
  Reserved blocks gid:      0 (group root)
  First inode:              11
  Inode size:               128
  Default directory hash:   tea
  Directory Hash Seed:      33dc61c3-0da3-4d03-beca-1f169b9aeb93

iSCSI

Can install from a SCSI CD, but can't mount it once Linux is installed

Try this, as root:

rm /dev/cdrom
rm /dev/scd0
cd /dev
./MAKEDEV scd0
ln -s scd0 cdrom

SCSI Tape Devices

# up2date -du mt-st --nosig

# rpm -qf /bin/mt

# su -

# mt -f /dev/st0 tell

# mt -f /dev/st0 status

# mt -f /dev/st0 rewind

# tar -cvf /dev/st0 *

# mt -f /dev/st0 rewind

Table of contents
# tar -ztvf /dev/st0

# tar -zxvf /dev/st0 /.../...

Logical Volume Manager (LVM)

# fdisk /dev/hda
[ create /dev/hda4 as a Linux LVM partition ]
n
4
...
t
8e (Linux LVM)

# vgscan
... builds/populates /etc/lvmtab

# Low-level format partition for LVM
# pvcreate /dev/hda4
...

# vgcreate vg1 /dev/hda4
create

# vgchange -a n vg1 
deactivate

# vgchange -a y vg1 
activate

# vgchange -a n vg1 
deactivate

# vgremove vg1
remove
 
# vgcreate -s 16k vg1 /dev/hda4
create 16k PE size 

# mkdir /mnt/lv1

# lvcreate -L 100M -n lv1 vg1

# mkfs -t ext2 /dev/vg1/lv1
...

# mount /dev/vg1/lv1 /mnt/lv1
...

# lsof +D /mnt/lv1

# umount /mnt/lv1

# lvextend -L +10m /dev/vg1/lv1 /dev/hda4

# e2fsck -f /dev/vg1/lv1

# resize2fs /dev/vg1/lv1

# mount /mnt/lv1

# e2fsadm -L +20m /dev/vg1/lv1
[ no live mount error ]

# umount /mnt/lv1
...

# e2fsadm -L +20m /dev/vg1/lv1
...

# mount /mnt/lv1

Elsewhere
e2fsadm

Dump, Restore

cdrecord

$ cdrecord -scanbus
  ...

$ # -v          verbose
$ # -eject      eject cd after burn completes
$ # dev=6,0     use the drive ID you see reported from cdrecord -scanbus
$ # foobar.iso  a prepared cd image ready for burning directly to disc
$ cdrecord -v -eject dev=6,0 foobar.iso
  ... watch and wait ...

dd tricks

Creating a CD iso. The source partition can't be mounted during the process.

# dd if=/dev/cdrom of=cd.iso

Mounting a phantom device from CD iso file

# mount -o loop /public/new/hagrid_root.iso /mnt/h0

# ls /mnt/h0/
  bin   dev  home    lib         misc  opt   public  sbin  tmp  var
  boot  etc  initrd  lost+found  mnt   proc  root    sys   usr

# df -lh
  Filesystem            Size  Used Avail Use% Mounted on
  /dev/sda3              16G  1.7G   14G  11% /
  /dev/sda1             251M  9.5M  229M   4% /boot
  /dev/shm              252M     0  252M   0% /dev/shm
  /dev/mapper/vg1-lvpublic
                         99G   74G   20G  79% /public
  /public/new/hagrid_root.iso
                        7.9G  3.1G  4.4G  42% /mnt/h0

The Art of Dual Booting Linux and Windows9X
On most systems it should be possible install both Linux and Windows9X. A prompt after boot is used to select which OS, and if nothing is entered after a few seconds a default selection is made.

If you decide to setup a system to dual-boot, make sure it has NO IMPORTANT DATA ON IT! Also, prepare for complications and DON'T RUSH! It is very easy to miss a critical step and have go back and redo a lot of work.

Steps

• Linux FDISK
  • Create 2 primary partions:
    1. BOOT, about 10 MBytes in size. This will be used later for LILO which will run before any OS can boot
    2. WINDOWS, about 50% of harddisk
    3. Leave remaing 50% of disk unpartitioned
• Windows9X FDISK, Install
  • Replace 2nd partition
    1. Delete 2nd partition
    2. Create 2nd partition, about 50% of harddisk
    3. Make 2nd partion active
    4. Reboot
  • Format C: (if necesary)
  • Install Windows9X from CD or from copied install files on C: . Note, Windows install will overwrite the MBR after the 2nd or 3rd reboot. Make sure it has been rebooted enough times so that this doesn't happen again once the Linux installation occurs next
• Linux FDISK, Install
  • Create 3rd partition
    1. Create a 3rd extended partition using remaining 50% of disk
       
    2. Create logical swap partition in extended partiion 128-512 MBytes aproximately
       
    3. Create logical root partition using all remaining extended partition
       
  • Install Linux using
    /boot for 1st partiotn
    SWAP in lesser partition of extended partition
    /root in remaining partition in extended partition

X Windows Tips

kdmrc - enabling root login from X login screen

AllowRootLogin=true

Xconfigurator - once Linux is booting to a login prompt on a system's default video device, Xconfigurator is the command to attempt to configure it for the X Windows graphics environment. Its best to know what your graphics card/chip and monitor capabilites are before running this. If you succeed in having it detect your graphics capability, it is highly recomended that you decline having graphics enabled on bootup. Instead stay with text only login and use startx to bring up the graphics on demand. This will reduce headaches significantly if and when your graphics capabilities inevitably change.

startx - some handy tidbits ...

startx -- -bpp 16

Ctrl Alt Bksp will force X to exit. This is handy if an app crashes or otherwise renders an X Windows session unusable

Also, don't forget that on many systems Ctrl Alt + and Ctrl Alt - will switch between screen resolutions of the same color depth

Configuring X Windows Desktop Environments (DE) - Gnome, Afterstep, FWM, KDE, ...
On some distributions (notably RedHat 6.1) even when KDE Workstation is selected during installation X Windows still launches the Gnome DE (as indicated by the stupid enlightenment initializer, retched over stylized poseur foot print logo, and gianormous precious space wasting icons at the bottom of the screen ... puff puff, rant off). To have a different DE, check for and create if necessary a desktop file in /etc/sysconfig. Edit this file and place KDE as the only text in it. To get Another Level or other non-Gnome DE ... peruse the system files that man startx references.

inittab - disabling X Windows at boot
Changing /etc/inittab initdefault value next will change the runlevel entered after the next reboot.

...
# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
# 
id:3:initdefault:
...

Autoconf - configure make install

Here's a quick overview of the peculiar command sequence many Linux apps use to install themselves:

Basic $ ./configure --help $ ./configure $ make $ make install

Funky (Should automake be run before autoconf?) $ autoconf $ automake (Makefile.am -> Makefile.in) $ CFLAGS="-g -O0" ./configure (Makefile.in -> Makefile) $ make $ make install

xmkmf, Imakefile

This is yet another peculiar method for compiling and installing software under Linux. If you unpack some software and find Imakefile files sprinkled around it is a good bet that it expects you use xmkmf to generate a Makefile. Once a Makefile is created, should be as simple as running make much like with configure make install. It is amazing how much software uses Imakefile's but doesn't mention in the install instructions that xmkmf is the command you need to use to get things working properly.

chkconfig

Executables that run in the background to offer network services are usually started automatically when a system is started. The mechanism that starts and stops services uses settings kept in /etc/rc.d . Sometimes automatic startup the settings for a service need to adjusted. One could learn the particular details of files in /etc/rc.d , or you could just use the chkconfig command and specify the service, the run levels to change, and the state

> chkconfig --list
...
> chkconfig --level 2345 sshd on
...

nfs - network file system

nfs has a server and a client side.  Most Linux distributions install the necessary files by default, but do not active them.

Server # hostname foobar # rpm -qa | grep -i nfs-utils nfs-utils-1.0.9-42.el5 # rpm -qi nfs-utils The nfs-utils package provides a daemon for the kernel NFS server and related tools ... # cat /etc/exports /public 10.17.0.0/255.255.0.0(ro) # service nfs ...

Client # ls /mnt/coolmntpt empty # mount foobar:/public /mnt/coolmntpt # ls -l /mnt/coolmntpt lots of files ... # df -h | grep cool foobar:/public ... /mnt/coolmntpt # umount /mnt/coolmntpt [ for CentOS/RHEL 7/systemd see below ]

Security - It is easy for a client request to be spoofed allowing unauthorized access to a nfs server volume.  In general it good practice to only expose nfs volumes across LAN links and not expose them to the broader Internet.

Persistence - A nfs server may not stay online indefinetly.  If you regularly mount nfs volumes (i.e. you are nfs client), be familiar enough with the nfs server to know when mounting it may not be a good idea.  In some cases mounting a volume from a server not online can cause unexpected delays and worst case file corruption.  If you serve nfs mount points, you may want to configure your system to automatically restart nfs at boot time.

Run Levels - Make sure portmap service is running.  Typically portmap is on for levels 3 and 5, but not for run level 2.

Additional info

• /etc/fstab - allows nfs mount presets and automatic mounting after reboot
• chkconfig - allows nfs server to be restarted after reboot
• RHEL4

nfs - Unable to mount nfs share

As of RHEL/CentOS 7, client must also install nfs-utils and make sure rpcbind service is working.

# yum install nfs-utils

# mount mini.local.zaptech.org:/public/nfs_new /mnt

  Job for rpc-statd.service failed. See 'systemctl status rpc-statd.service' and 'journalctl -xn' for details.

# systemctl status rpcbind 

  rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; static)
   Active: inactive (dead)

# systemctl stop rpcbind 

# systemctl start rpcbind 

# systemctl status rpcbind 

  rpcbind.service - RPC bind service
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; static)
   Active: active (running) since Thu 2015-05-21 03:32:14 EDT; 1s ago
  Process: 2847 ExecStart=/sbin/rpcbind -w ${RPCBIND_ARGS} (code=exited, status=0/SUCCESS)
 Main PID: 2848 (rpcbind)
   CGroup: /system.slice/rpcbind.service
           └─2848 /sbin/rpcbind -w

# mount mini.local.zaptech.org:/public/nfs_new /mnt 

Majordomo

Tips

Linux Documentation Project

FTP

May need to tweak configurations files for inetd or xinetd to allow service to be enabled. Following is the /etc/xinetd.d/xinetd.conf from a RH71 install ...

# default: on
# description: The wu-ftpd FTP server serves FTP connections. It uses \
#       normal, unencrypted usernames and passwords for authentication.
service ftp
{
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/in.ftpd
        server_args             = -l -a
        log_on_success          += DURATION USERID
        log_on_failure          += USERID
        nice                    = 10
#       disable                 = yes
}

In more recent ftp service limit access to their user directory. This can be overridden on a per user basis in /etc/ftpaccess .

# rcsdiff ftpaccess
===================================================================
*** 11,24 ****
  # Chroot all users to their home directory by default
  # (comment this out if you don't want to chroot most of your users)
! guestuser *
  # If you wish to allow user1 and user2 to access other
  # directories, use the line below:
! # realuser user1,user2

--- 11,24 ----
  # Chroot all users to their home directory by default
  # (comment this out if you don't want to chroot most of your users)
! # guestuser *
  # If you wish to allow user1 and user2 to access other
  # directories, use the line below:
! realuser fredness,eddie

Anonymous FTP

If anonymous ftp capability is desired, install the anonftp-... RPM. A /home/ftp directory should now exist that anonymous users can access.

SaMBa - file sharing services that interface well with Microsoft Windows

$ cat /etc/redhat-release
  Fedora Core release 4 (Stentz)

$ rpm -qa | grep -i samba
  samba-common-3.0.14a-2
  samba-client-3.0.14a-2
  samba-3.0.14a-2

Restarting SMB ...

/etc/rc.d/init.d/smb status

/etc/rc.d/init.d/smb stop

/etc/rc.d/init.d/smb start

Importable registry files for enabling MS Windows clients can be found at ...

/usr/doc/samba-2.0.3/docs/

Acknowledging the presence of a dedicated WINS server. Here's an excerpt from a smb.conf that does this ...

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    wins server = 192.168.30.200

diff -r1.1 /etc/samba/smb.conf
16a17,20
> #  netbios name = sony-samba
>    netbios name = hpserv
>
18c22
<    workgroup = MYGROUP
---
>    workgroup = WORKGROUP
28c32
< ;  hosts allow = 192.168.1. 192.168.2. 127.
---
>    hosts allow = 192.168.1. 192.168.2. 127.
53c57,58
<    security = user
---
>    security = share
234a240,251
> # GeeWiz production folder
> [geewiz]
>    comment = GeeWiz production folder
>    path = /geewiz
>    public = yes
>    writable = yes

# rcsdiff smb.conf
  18c18
  <    workgroup = MYGROUP
  ---
  >    workgroup = WORKGROUP
  21c21
  <    server string = Samba Server
  ---
  >    server string = morpheus.us.wizbang.com
  58c58,59
  <    security = user
  ---
  > #  security = user
  >    security = share
  228,233c229,234
  < ;[public]
  < ;   comment = Public Stuff
  < ;   path = /home/samba
  < ;   public = yes
  < ;   read only = yes
  < ;   write list = @staff
  ---
  > [public]
  >     comment = Public Stuff
  >     path = /public
  >     public = yes
  >     read only = yes
  >     write list = @staff

SaMBa - encrypted passwords

Most version of Microsoft Windows expect encrypted passwords to be enabled. If a machine can see a SaMBa server but issues a connect/bad password error when attempting to open the server, it is a pretty good bet that the SaMBa server does not have encrypted passwords enabled. Quick way to get around this is to tweak the REGISTRY on each MS Windows system to disable encripted passwords (see above). A more compatible way to resolve this is to enable encrypted passwords.

First, uncomment the following lines in the /etc/smb.conf ...

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*
all*authentication*tokens*updated*successfully*

Second, create a user and password pair ...

>smbpasswd -a jsmith

>cat smbusers

>cat smbpasswd

SaMBa - Domain/Group and Anonymous

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = ZAPTECH

There is no anonymous user built into SaMBa that I am aware of. However, the nobody user can be given a smbpasswd of nothing. This will present users with a user passwd requestor that can be dismissed by using nobody and CR. Such users typically won't have write access. Alternatively, dispense with user authentication entirely by changing smb.conf security setting to share (see example above).

RCS (revision control system)

CVS (centralized source code version control)

Most Linux distributions install the /usr/bin/cvs command by default. What may not be obvious is that this executable is used both for command line operations and for establishing a service daemon. Unless you have a non-standard distribution, you will need to manually enable cvs services by adding a line to the /etc/inetd.conf, and then restarting it. Add the following to /etc/inetd.conf ...

# CVS service
cvspserver stream tcp nowait root /usr/sbin/tcpd /usr/bin/cvs --allow-root=/home/cvsroot pserver

For more recent xinetd make a /etc/xinetd.d/cvspserver file containing something like ...

# default: off
# description: cvs server
service cvspserver
{
	socket_type		= stream
 	protocol		= tcp
	wait			= no
	user			= root
	server			= /usr/bin/cvs
	server_args		= -f --allow-root=/home/home/cvsroot pserver
}

Above based loosely on similar file for enabling telnetd . Caution: watch out for white space! These files may require tabs instead of spaces for indenting purposes. The following is a bit more elaborate. Note: log_on_success may in some situations introduce connect delays. If so consider log_on_failure instead.

# default: off
# description: cvs server
service cvspserver
{
        socket_type		= stream
        protocol		= tcp
        wait			= no
        log_on_success		+= USERID
        user			= root
        passenv			=
        server			= /usr/bin/cvs
        server_args		= -f --allow-root=/home/home/cvsroot pserver
}

Now, initialize the repository ...

> cvs -d /home/cvsroot init

CVS - Multiple Repositories
Yes its true, you can have more than one CVS repository on a server. The critical bit that allows this is adding another --allow-root=[path] to /etc/xinetd.d/cvspserver for each additional repository. Each repository will need to be initialized seperately.

CVS Port = 2401
Remote clients use this port to establish a connection to cvspserver (consult /etc/services for more details)

cvspserver     2401/tcp     # CVS client/server operations
cvspserver     2401/udp     # CVS client/server operations

CVS - Module Creation (Importing)
This is can be tricky. Sometimes it is easier to create a dummy folder containing a single file, import just that, then add any other files using more straightforward cvs add

export CVSROOT=":pserver:fredness@mail.zaptech.com:/home/cvsroot"

cvs login

cvs import -m "blah blah blah" modulename bogusvender firsttag

cvs logout

cat ./cvspass

CVS - Allowing Anonymous Access

Create a file called readers (e.g. /home/cvsroot/CVSROOT/readers) so that it contains ...

anonymous

Now create another files called passwd so that it contains ...

anonymous:ndt015Yw.To5Y:nobody

It can be awkward to create a null password with the passwd command. The following perl script does the job though ...

> cat cryptout.pl
#!/usr/bin/perl

srand(time());
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt($plaintext, $salt);
print "${crypttext}\n";

(Optional) You may also need to create a writers file that contains users who can commit changes...

fredness
leighster
ian

Add nobody to cvs group

CVS - Read Only Users

Add the username (see below) then add username to the readers file (see above). No passwd file is required for this.

Annoying /root/.cvsignore Permission denied warning messages

This is a harmless 'bug' and is supposed to fixed in CVS 1.10.8

Additional Info

- Tips

- Akadia

MySQL Setup

Following works with redhat 7.1

# su -
...
# rpm -ivh mysql-3.23.36-1.i386.rpm
...
# rpm -ivh mysql-server-3.23.36-1.i386.rpm
...
# /etc/rc.d/init.d/mysqld status
...
# /etc/rc.d/init.d/mysqld start
...
# exit
# mysql
  -> \h
  -> \q
#

More

HOWTO MySQL

Which System Libraries are Installed

Check /usr/lib to see what libs are installed. Also, you can take a look at /etc/ld.so.conf to see what libs are installed and in what dir they are installed in.

To find our what libraries an executable uses ...

ldd [file]

If you have manually added a library to one of the existing library directories, make sure you run ldconfig to register it. Alternatively, try setting LD_LIBRARY_PATH env var to point to the desired library directory.

# export LD_LIBRARY_PATH=/usr/local/lib 

Use nm to figure out which library any symbol is in.  For example, the following will locate which library containts the symbol 'XGetExtensionVersion'.

$ nm -Bog /usr/X11/lib/*.so | grep XGetExtensionVersion 

bash

Bourne Again SHell (BASH), is probably the most ubiquitous command line interpreter enabled by default on Linux/Unix systems as of this writing. As such, there are many powerful commands and other capabilities built into bash that are important to master to effective manage and administer a wide variety of computer systems.

screen

Useful way to to detach a session from the current login session, then resurrect it later.  Very hand for monitoring/running commands that take a very long time to complete, and not having to be sitting at the hardware.

$ screen -ls

  No Sockets found in /var/run/screen/S-ricks.

$ screen

    $ screen -ls

      There is a screen on:
      1067.pts-1.clamps	(Detached)

    $ [ctrl-A]d

      [ ... detaches from current session ... ]

$ screen -ls

  There is a screen on:
  1067.pts-1.clamps	(Detached)

$ screen -r 1067.pts-1.clamps

    $ exit

$ screen -ls

  No Sockets found in /var/run/screen/S-ricks.

awk

Elsewhere

• SHELLdorado

fortune, configuring your own fortune teller

$ cat foo

  fortune test 1
  %
  fortune text 2
  %
  fortune text 3

$ strfile foo

$ ls foo*

  foo
  foo.dat

$ fortune foo
  ...

Java

Install Notes

rsync

-a includes everything including subdirs, z is for compression v is for verbose

rsync -azv -e 'ssh' sourcedir user@host:/destdir

Telnet & Xinetd Services

On newer systems xinetd has replaced inetd. Instead of a single /etc/inetd.conf file there is /etc/xinetd.d/ directory with different small files for each service to enable.

# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
# restrict telnet access to internal network
        only_from       = 192.168.1.0/24
#       disable         = yes
}

nmap

$ nmap -A -T4 cp2.foobar.com

  Interesting ports on 216.240.133.161:
  (The 1671 ports scanned but not shown below are in state: filtered)
  PORT    STATE SERVICE VERSION
  22/tcp  open  ssh     OpenSSH 3.9p1 (protocol 2.0)
  80/tcp  open  http    Apache httpd 2.0.52 ((Red Hat))
  873/tcp open  rsync    (protocol version 28)

  Nmap finished: 1 IP address (1 host up) scanned in 38.079 seconds

$ nmap -A -T4 cp1.foobar.com

  Interesting ports on 216.240.159.214:
  (The 1669 ports scanned but not shown below are in state: filtered)
  PORT    STATE  SERVICE  VERSION
  20/tcp  closed ftp-data
  21/tcp  open   ftp      vsftpd 2.0.1
  22/tcp  open   ssh      OpenSSH 3.9p1 (protocol 2.0)
  80/tcp  open   http     Apache httpd 2.0.52 ((Red Hat))
  443/tcp closed https
  Service Info: OS: Unix

  Nmap finished: 1 IP address (1 host up) scanned in 55.310 seconds

lp & a2ps

Under RH7.1 (should work for most distros) the following will format foo.c in postscript with two pages/page and send it to lp printer port at 192.168.11.21 ...

a2ps -Plp@192.168.11.21 foo.c

a2ps -s duplex -Plp@192.168.11.21 foo.c

a2ps -Plp@192.168.11.21 foo.c --columns=1 -s duplex -L66

This following will dump the text to the printer unformatted ...

lp -d @192.168.11.21 foo.c

Linux/Unix, Netscape/Mozilla Print Command
Following works for the ColorLaserJet 5MP (Mmmm, color postscrpt :-) I have setup on the home office LAN at IP address 192.168.1.192

lp -d @192.168.1.192

talk

On older systems may need to install talkd and inetd before remote chat session will be permitted. Once installed, may need to restart system (although appropriate init.d command will probably to the trick without rebooting).

named - Internet DNS (Domain Name Service)

Don't venture here unless you have access to a pretty elaborate setup (at least a subnet with 2 dedicated IP addresses and servers). Although DNS in principle is pretty straight forward, one mis-step and alot of machines can drop off the net.

$ host -t any zaptech.com r2d2.inow.com

  Using domain server:
  Name: r2d2.inow.com
  Address: 198.144.96.10#53
  Aliases:

  zaptech.com has SOA record public.zaptech.com. info.zaptech.com. 2005021501 10800 1800 604800 86400
  zaptech.com name server r2d2.inow.com.
  zaptech.com name server public.zaptech.com.
  zaptech.com has address 198.144.98.62
  zaptech.com mail is handled by 10 mail.zaptech.com.

$ dig @b.root-servers.net scpns.org

  ; <<>> DiG 9.2.3rc1 <<>> @b.root-servers.net scpns.org
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28076
  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 8

  ;; QUESTION SECTION:
  ;scpns.org.                     IN      A

  ;; AUTHORITY SECTION:
  org.                    172800  IN      NS      TLD1.ULTRADNS.NET.
  org.                    172800  IN      NS      TLD2.ULTRADNS.NET.
  org.                    172800  IN      NS      TLD3.ULTRADNS.org.
  org.                    172800  IN      NS      TLD4.ULTRADNS.org.
  org.                    172800  IN      NS      TLD5.ULTRADNS.INFO.
  org.                    172800  IN      NS      TLD6.ULTRADNS.CO.UK.

  ;; ADDITIONAL SECTION:
  TLD1.ULTRADNS.NET.      172800  IN      AAAA    2001:502:d399::1
  TLD1.ULTRADNS.NET.      172800  IN      A       204.74.112.1
  TLD2.ULTRADNS.NET.      172800  IN      A       204.74.113.1
  TLD3.ULTRADNS.org.      172800  IN      A       199.7.66.1
  TLD4.ULTRADNS.org.      172800  IN      AAAA    2001:502:100e::1
  TLD4.ULTRADNS.org.      172800  IN      A       199.7.67.1
  TLD5.ULTRADNS.INFO.     172800  IN      A       192.100.59.11
  TLD6.ULTRADNS.CO.UK.    172800  IN      A       198.133.199.11

  ;; Query time: 27 msec
  ;; SERVER: 192.228.79.201#53(b.root-servers.net)
  ;; WHEN: Tue Jul  4 01:43:21 2006
  ;; MSG SIZE  rcvd: 341 

$ dig @TLD2.ULTRADNS.NET scpns.org

  ; <<>> DiG 9.2.3rc1 <<>> @TLD2.ULTRADNS.NET scpns.org
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53360
  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

  ;; QUESTION SECTION:
  ;scpns.org.                     IN      A

  ;; AUTHORITY SECTION:
  scpns.org.              86400   IN      NS      ns1.zaptech.org.
  scpns.org.              86400   IN      NS      ns1.sparkworx.com.

  ;; ADDITIONAL SECTION:
  ns1.zaptech.org.        86400   IN      A       64.32.175.104

  ;; Query time: 25 msec
  ;; SERVER: 204.74.113.1#53(TLD2.ULTRADNS.NET)
  ;; WHEN: Tue Jul  4 01:59:23 2006
  ;; MSG SIZE  rcvd: 100

$ dig @172.16.4.20 howtolabs.net axfr

  ; <<>> DiG 9.3.1 <<>> @172.16.4.20 howtolabs.net axfr
  ; (1 server found)
  ;; global options:  printcmd
  howtolabs.net.          86400   IN      SOA     ns1.zaptech.org. info.zaptech.com. 2006052001 28800 7200 604800 86400
  howtolabs.net.          86400   IN      NS      ns1.zaptech.org.
  howtolabs.net.          86400   IN      NS      ns1.sparkworx.com.
  howtolabs.net.          86400   IN      TXT     "v=spf1 include:fc5.zaptech.org ~all"
  howtolabs.net.          86400   IN      MX      10 fc5.zaptech.org.
  howtolabs.net.          86400   IN      A       64.32.175.104
  www.howtolabs.net.      86400   IN      A       64.32.175.104
  howtolabs.net.          86400   IN      SOA     ns1.zaptech.org. info.zaptech.com. 2006052001 28800 7200 604800 86400
  ;; Query time: 21 msec
  ;; SERVER: 172.16.4.20#53(172.16.4.20)
  ;; WHEN: Mon Jul 17 16:35:42 2006
  ;; XFR size: 8 records (messages 1)

Security-Enhanced Linux

More recent releases of Fedora Core Linux have SELinux enabled by default. For all but the most serious deployments (which arguably should not be using Fedora Core in the first place), this is a big headache. Essentially this adds another level of file attributes beyond those for user, group, and world. Any changes to system files without also tuning the SELinux policies and file attributes can cause all sorts of weird kernel error messages. It's also almost impossible to removed SELinux once it has been installed - instead it is better to disable the SELinux config file and reboot.

$ diff -r1.1 /etc/selinux/config
  6c6,7
  < SELINUX=enforcing
  ---
  > # LINUX=enforcing
  > SELINUX=permissive

SELinux (when enabled), adds four new file attributes: user, role, type, range.  As root use chcon to modify SELinux file attributes.

# cd /var/www/icons

# ls -lhZ

  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t a.gif
  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t alert.black.gif
  ...
  -rw-r--r--  root root user_u:object_r:httpd_sys_content_t the-hyperchicken-87721.jpg
  ...
  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t world2.gif
  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t world2.png

# chcon -t httpd_sys_content_t the-hyperchicken-87721.jpg

# chcon -u system_u the-hyperchicken-87721.jpg

# ls -lhZ the-hyperchicken-87721.jpg

  -rw-r--r--  root root system_u:object_r:httpd_sys_content_t the-hyperchicken-87721.jpg 

NetworkManager

For the most part, NetworkManager is a GUI for use by non-server Linux installs.  Often its presence is made known by NM_ directive in the /etc/sysconfig/network-scripts/ifcfg-eth0.

Elsewhere: convirture

Nagios

Nagios is a popular web service that is employed to monitor various systems and services.  It's become much easier to setup recently, but still suffers from being 'over-engineered' and brittle to the extend that it will stop working for no apparent reason.  Still, its popularity is steadily increasing and overall it seems to be becoming easier to setup and more stable.

nagios Service Dies, Restart Keeps Dying

Nagios tends to die for having too large a file open (signal SIGXFSZ).  It turns out that performance data is being written to a file that is not rotated by default, so it grows until it is too large to open.

An entry in the logrotate configuration is needed, so the file will be rotated and compressed on a weekly basis, followed by restarting Nagios.  Hopefully that keeps the problem from recurring.

$ pwd

  /usr/local/nagios/var

$ ls -lh 

  total 2.3G
  drwxrwxr-x 2 nagios nagios  16K Jan 11 16:41 archives
  -rw-rw-r-- 1 nagios nagios 552K Jan 14 09:06 nagios.debug
  -rw-rw-r-- 1 nagios nagios 977K Jan 14 09:06 nagios.debug.old
  -rw-r--r-- 1 nagios nagios    5 Jan 14 08:03 nagios.lock
  -rw-rw-r-- 1 nagios nagios  45K Jan 14 09:03 nagios.log
  -rw-r--r-- 1 nagios nagios 416K Jan 14 08:03 objects.cache
  -rw------- 1 nagios nagios 505K Jan 14 09:03 retention.dat
  drwxrwsr-x 2 nagios nagios 4.0K Jan 14 08:03 rw
  -rw-rw-r-- 1 nagios nagios 879K Jan 14 09:06 service-perfdata
  -rw-rw-r-- 1 nagios nagios 267M Jan 14 08:05 service-perfdata.1.gz
  -rw-rw-r-- 1 nagios nagios 2.0G Jun 14  2009 service-perfdata.save
  drwxrwxr-x 3 nagios nagios 4.0K Jan 16  2009 spool
  -rw-rw-r-- 1 nagios nagios 502K Jan 14 09:06 status.dat 

$ cat /etc/logrotate.conf 

  ...

  # system-specific logs may be also be configured here.
  /usr/local/nagios/var/service-perfdata {
	rotate 52
	compress
	nocreate
	postrotate
	/sbin/service nagios restart
	endscript
  } 

SuSE/Novell Distribution Notes

Yum - RPM Manager

Fedora Distribution Notes

rpm anomolies
Recent kernels may get out of step with rpm and make it difficult to perform system updates. It may be possible to regress what kernel calls should be used to launch programs.

# rpm -q rpm
rpmdb: unable to join the environment
error: db4 error(11) from dbenv->open: Resource temporarily unavailable
error: cannot open Packages index using db3 - Resource temporarily
unavailable (11)
error: cannot open Packages database in /var/lib/rpm
package rpm is not installed

Now it works when the following is done!!!!!

# rm /var/lib/rpm/__*

# export LD_ASSUME_KERNEL=2.2.5

# rpm -q rpm
rpm-4.2.1-0.30

Red Hat Distribution Notes

CentOS [ edit ]

For those who are comfortable using Red Hat Enterprise Linux (RHEL), but don't want to pay the fees for routine updates and support, CentOS is source code equivalent.  It's more stable than Rawhide and Fedora which are also based on the same source code

udev Confuses Network Settings after Cloning a Virtual Machine

It seems variants of Red Hat Enterprise Linux 6 can behave strangely after files are copied from an already working virtual machine file set.  The work around is simple, wipe away the cached values that udev uses and reboot.  Most hypervisors will change the MAC Address for a network interface when it notices a virtual machine has been copied, which for some reason RHEL6 is more sensitive to.

(as of 2014-03, the following seems only to apply for pre-CentOS 6)

# service network stop

# rm /etc/udev/rules.d/70-persistent-net.rules 

# rmmod vmxnet

# modprobe vmxnet

# shutdown -h now

Unsupported Hardware

RedHat Network

The rhnsd service provides ... stay tuned.

# service rhnsd status

  rhnsd (pid 6262) is running...

# chkconfig --list | grep rhn

  rhn-virtualization-host	0:off	1:off	2:on	3:on	4:on	5:on	6:off
  rhnsd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off

# rhn_check

Changing Host Name

Typically this requires editing /etc/sysconfig/network and rebooting.

$ cat /etc/sysconfig/network

  NETWORKING=yes
  HOSTNAME=public.zaptech.com
  GATEWAY=192.168.1.1

Hostname is a somewhat abstract concept. By itself it is just a simple name used by the system internally. Classic example is the host identifier text of a shell prompt. Strictly speaking this value is not known by a system until it is set sometime after boot. Red Hat convention is to place fully qualified hostname (shortname.domain.com) value in /etc/sysconfig/network which is read early during system boot (changing this will only affect system after next boot). Another convention is to place the short hostname at the end of the /etc/hosts line for 127.0.0.1/localhost. This is allows internal processes to access local resources using network connection protocols. Lastly, there is a system command called hostname. It is the key to retrieving and changing a system's internal hostname. Note: the hostname command specifically DOES NOT save any state for the next time the system boots.

Gnome is used instead of the desired desktop environment

(see X Windows)

Expert Install Mode
Even a simple install may require expert install mode if a SCSI controller or network card support is desired. Also, as of RedHat 6.X, the installer no longer allows full custom disk partitioning with fdisk unless you specify boot: expert text at install prompt and later indicate a full custom installation

Evil hosts file - the localhost entry in a hosts file should never contain the hostname, especailly if a fixed IP address is used. If it does, this can freak out other systems on the same network. If you need to declare your hostname in the hosts file, make a dedicated entry for it to you fixed IP address. This will allow NetBIOS, SaMBa, and other net browser protocals to properly resolve your system. For example ...

127.0.0.1 localhost
192.168.30.33 fredness fredness.cacheon.com
207.5.50.250 mail.zaptech.com mail

/etc/passwd, /etc/group

$ man 5 passwd
(see Red Hat)