5 Tags: configuration, network
7 Deactivate error correction of zsh:
11 Run zsh-help for more information regarding zsh.
13 Tags: zsh, configuration
15 Disable automatic setting of title in GNU screen:
19 Set it manually e.g. via:
21 % screen -X title foobar
23 Run zsh-help for more information regarding zsh.
25 Tags: zsh, configuration
27 Do not use menu completion in zsh:
31 Run zsh-help for more information regarding zsh.
33 Tags: zsh, configuration
35 Run GNU screen with grml-configuration:
41 % screen -c /etc/grml/screenrc
43 Tags: screen, configuration
45 Print out grml-version:
57 Use encrypted files / partitions:
59 # grml-crypt <options>
65 # grml-crypt format /mnt/external1/encrypted_file /mnt/test
66 # cp big_file /mnt/test
67 # grml-crypt stop /mnt/test
71 # grml-crypt start /mnt/external1/encrypted_file /mnt/test
72 # grml-crypt stop /mnt/test
76 Tags: crypto, grml-crypt, dmcrypt, luks
78 Change resolution of X:
80 % xrandr -s '1024x768'
82 Tags: x11, xorg, resolution
84 Change resolution of framebuffer:
90 Configure newsreader slrn:
96 Configure grml system:
100 Or directly run scripts:
105 Tags: grml, configuration
107 Lock screen (X / console):
111 Press ctrl-alt-x to lock a GNU screen session.
113 Tags: grml, lock, grml-lock, screen
115 Change wallpaper in X:
117 % grml-wallpaper <press-tab>
119 Tags: grml, wallpaper
121 Start X window system (XFree86 / Xorg / X.org):
123 % grml-x $WINDOWMANAGER
128 % grml-x -mode '1024x768' fluxbox
131 Tags: grml-x, x11, xorg, graphic
133 Collect hardware information:
137 or run as root to collect some more information:
141 will generate a file named info.tar.bz2.
143 Tags: grml, hardware, hwinfo, collect
145 Configure hardware detection features of harddisk installation:
149 or manually edit /etc/grml/autoconfig[.small]
151 See: man grml-autoconfig
153 Tags: grml, installation, configuration
155 Bootoptions / cheatcodes / bootparams for booting grml:
157 On the grml-ISO if not running grml:
158 % less /cdrom/GRML/grml-cheatcodes.txt
161 % most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz
163 Tags: grml, cheatcodes, boot, bootoptions, bootparam
165 Report bugs to Debian's Bug Tracking System (BTS):
167 % reportbug --bts debian
169 or adjust /etc/reportbug.conf to your needs.
173 http://grml.org/bugs/
174 http://www.debian.org/Bugs/
176 Tags: bug, reportbug, bts, debian
178 Offline documentation:
182 Online documentation:
185 http://grml.org/docs/
186 http://wiki.grml.org/doku.php
188 Tags: info, grml, grml-info, documentation
190 Mount NTFS partition (read-write):
192 # mount.ntfs-3g /dev/sda1 /mnt/sda1
196 Overwrite specific file on an NTFS partition:
198 ntfscp /dev/hda1 /tmp/file_source path/to/file_target
200 Resize an NTFS partition:
206 ntfsresize -n -s 10G /dev/hda1 # testcase
207 ntfsresize -s 10G /dev/hda1 # testing was successfull, now really resize partition
208 cfdisk /dev/hda # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS)
210 Tags: ntfs, resize, ntfsresize
212 Modify resolution for intel graphic chipsets:
218 # 915resolution 4d 1400 1050
220 Connect bluetooth mouse:
224 ... and press 'connect' button on your bluetooth device.
226 Connect bluetooth headset:
230 ... and press 'connect' button on your bluetooth device.
232 Secure delete file / directory / partition:
238 Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/
240 Tags: delete, secure, wipe, shred
242 Development information regarding grml:
244 http://blog.grml.org/
246 Tags: blog, grml, developmnet
250 #grml on irc.freenode.org - http://grml.org/irc/
251 http://grml.org/contact/
253 Tags: contact, irc, freenode, email
255 Join the grml mailinglist:
257 http://grml.org/mailinglist/
259 Tags: grml, mailinglist
263 http://grml.org/donations/
267 Commercial support / system administration / adjusted live-cds:
269 grml-solutions: http://grml.org/solutions/
271 Tags: grml, commercial, customize
273 Information regarding the kernel provided by grml:
275 http://grml.org/kernel/
277 Tags: documentation, grml, kernel
279 SMTP command-line test tool:
285 % swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE
289 Tags: swak, smtp, test
291 NTFS related packages:
299 Modify service through init script:
306 # /etc/init.d/lvm start
308 Tags: init, script, start, stop
312 # jstest /dev/input/js0
316 % mplayer /path/to/movie
320 Use webcam with mplayer:
322 % mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0
324 Tags: webcam, mplayer
326 Powerful network discovery tool:
330 Tags: network, python, tool
332 Grab an entire CD and compress it to Ogg/Vorbis,
333 MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format:
337 Tags: rip, abcde, mp3, transcode, audio
339 Show a console session in several terminals:
343 Switch behaviour of caps lock key:
347 grep with Perl-compatible regular expressions:
351 ncp: a fast file copy tool for LANs
356 Remote (receive file):
359 Tags: copy, file, network
361 utility for sorting records in complex ways:
365 a smaller, cheaper, faster SED implementation:
373 See: http://grml.org/zsh/
375 zsh reference card for grml system:
378 /usr/share/doc/grml-docs/zsh/grml-zsh-refcard.pdf.gz
382 % for i in foo* ; do mv "$i" "bar${i/foo}" ; done
384 % prename 's/foo/bar/' foo*
386 % zmv 'foo(*)' 'bar$1'
388 Test TFT / LCD display:
396 Improved grep version:
400 Grep with highlighting:
402 % grep --color=auto ...
405 Tags: grep, color, highlight
407 Extract matches when grepping:
410 % ifconfig | grepc 'inet addr:(.*?)\s'
411 % ifconfig | glark --extract-matches 'inet addr:(.*?)\s'
413 Output text as sound:
416 % xsay # when running X and text selected via mouse
418 Get information on movie files:
420 % tcprobe -i file.avi
422 Get an overview of your image files:
424 % convert 'vid:*.jpg' thumbnails.jpg
426 List all standard defines:
428 % gcc -dM -E - < /dev/null
430 Send a mail as reminder:
432 echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42
434 ncurses-based presentation tool:
438 See: man tpp and /usr/share/doc/tpp/examples/
440 Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line:
444 Use IRC on command line:
450 % vimdiff file1 file2
456 Moving between diffs:
466 Hardware monitoring without kernel dependencies:
470 Install grml-iso to usb-stick:
472 % grml2usb grml.iso /mount/point
474 Tags: usbpen, usbstick, installation, grml2usb
476 Use mplayer on framebuffer console:
478 % mplayer -vo fbdev ...
480 Use links2 on framebuffer console:
482 % links2 -driver fb ...
484 Switch language / keyboard:
486 * use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE)
487 * use the bootparams keyboard / xkeyboard to activate specific keyboard layout
488 Usage example: 'grml lang=us keyboard=de xkeyboard=de'
490 Or run one of the following commands:
494 # loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console
497 Tags: language, keyboard, configuration
499 Switch setting of caps-control key (switch between ctrl + shift) on keyboard:
503 Mount usb device / usb stick:
505 % mount /mnt/external1 # corresponds to /dev/sda1
507 % mount /mnt/external # corresponds to /dev/sda
509 Install Sun Java packages:
511 Download j2re.bin-file from http://java.sun.com/downloads/index.html and run
513 # apt-get install java-package
514 # fakeroot make-jpkg j2re-*.bin
515 # dpkg -i sun-j2re*.deb
516 # update-alternatives --config java
520 ddrescue is an improved version of dd which tries to read and
521 if it fails it will go on with the next sectors, where tools
528 How to make an audio file (e.g. Musepack format) out of a DVD track:
530 % mkfifo /tmp/fifo.wav
531 % mppenc /tmp/fifo.wav track06.mpc &
532 % mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6
534 Adjust the mppenc line with the encoder you would like to use,
535 for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files.
539 % mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6
540 to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer')
542 Usage example for getting a PCM/wave file from audio channel 128:
543 % mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6
545 Create simple chroot:
547 # make_chroot_jail $USERNAME
549 Convert DOS formated file to unix format:
551 sed 's/.$//' dosfile > unixfile # assumes that all lines end with CR/LF
552 sed 's/^M$//' dosfile > unixfile # in bash/tcsh, press Ctrl-V then Ctrl-M
553 sed 's/\x0D$//' dosfile > unixfile # gsed 3.02.80, but top script is easier
554 awk '{sub(/\r$/,"");print}' # assumes EACH line ends with Ctrl-M
555 gawk -v BINMODE="w" '1' infile >outfile # in DOS environment; cannot be done with
556 # DOS versions of awk, other than gawk
557 tr -d \r < dosfile > unixfile # GNU tr version 1.22 or higher
558 tr -d '\015' < dosfile > unixfile # use octal value for "\r" (see man ascii)
559 tr -d '[\015\032]' < dosfile > unixfile # sometimes ^Z is appended to DOS-files
560 vim -c ":set ff=unix" -c ":wq" file # convert using vim
561 vim -c "se ff=dos|x" file # ... and even shorter ;)
562 recode ibmpc..lat1 file # convert using recode
563 echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile
565 Tags: windows, line, convert, recode, tr, line end,
567 Save live audio stream to file:
569 % mplayer -ao pcm:file=$FILE $URL
571 Save live stream to file:
573 % mplayer -dumpfile $FILE -dumpstream $STREAM
577 % mencoder mms://$URL -o $FILE -ovc copy -oac copy
581 % mimms mms://file.wmv
587 % avimerge -i *.avi -o blub.avi
591 % cat *.mpg > blub.mpg
595 % mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi
596 % mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi
597 % avimerge -i file1.avi file2.avi -o blub.avi
599 Display MS-Word file:
601 % strings file.doc | fmt | less
607 Convert MS-Word file to postscript:
609 % antiword -p a4 file.doc > file.ps
611 Convert manual to postscript:
613 % zcat /usr/share/man/man1/zsh.1.gz | groff -man > zsh.1.ps
615 % man -t zsh > zsh.ps
619 % dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
621 Read HTTP via netcat:
623 echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80
625 Get X ressources for specific program:
627 % xrdb -q |grep -i xterm
629 Get windowid of specific X-window:
631 % xwininfo -int | grep "Window id:" | cut -d ' ' -f 4
633 Get titel of specific X-window:
637 check locale - LC_MESSAGES:
639 % locale -ck LC_MESSAGES
641 Create random password:
645 % dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-
647 Get tarballs of various Linux Kernel trees:
650 to get the current stable 2.6 release
653 to get a list of all supported trees
655 Transfer your SSH public key to another host:
657 % ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet
659 % ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
661 % cat $HOME/.ssh/id_rsa.pub | ssh user@remote-system 'cat >> .ssh/authorized_keys'
663 Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen
665 Fetch and potentially change SCSI device parameters:
671 reclaim disk space by linking identical files together:
675 Find and remove duplicate files:
679 Perform layer 2 attacks:
683 Tags: network, attack, security
687 Guess PC-type hard disk partitions / partition table:
691 Perform a standard scan:
694 Write back the guessed table:
695 # gpart -W /dev/ice /dev/ice
697 Tags: partition, recovery, disk
699 Develop, test and use exploit code with the Metasploit Framework:
702 wget http://spool.metasploit.com/releases/framework-3.2.tar.gz
703 unp framework-3.2.tar.gz
707 Useful documentation:
709 % w3m /usr/share/doc/Debian/reference/reference.en.html
711 % xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz)
713 http://grml.org/docs/ grml Documentation
714 http://wiki.grml.org/ grml Wiki
715 http://www.debian.org/doc/ Debian Documentation
716 http://wiki.debian.org/ Debian Wiki
717 http://www.gentoo.org/doc/en/ Gentoo Documentation
718 http://gentoo-wiki.com/ Gentoo Wiki
719 http://www.tldp.org/ The Linux Documentation Project
723 % fortune debian-hints
729 % fortune debian-hints
730 % dpkg -L funny-manpages
732 Backup master boot record (MBR):
734 # dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1
738 Backup partition table:
740 # sfdisk -d /dev/hda > hda.out
742 Restore partition table:
744 # sfdisk /dev/hda < hda.out
746 Tags: backup, partition, sfdisk, recovery
748 Clone disk via network using netcat:
751 # nc -vlp 30000 > hda1.img
753 # dd if=/dev/hda1 | nc -vq 0 192.168.1.2 30000
755 Adjust blocksize (dd's option bs=...) and include 'gzip -c'
758 # dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000
760 Tags: network, backup, dd, netcat
762 Backup specific directories via cpio and ssh:
764 # for f in directory_list; do find $f >> backup.list done
765 # cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"
771 This one uses CPU cycles on the remote server to compare the files:
772 # ssh target_address cat remotefile | diff - localfile
773 # cat localfile | ssh target_address diff - remotefile
775 This one uses CPU cycles on the local server to compare the files:
776 # ssh target_address cat <localfile "|" diff - remotefile
778 Tags: network, backup, ssh
780 Useful tools for cloning / backups:
782 * dd: convert and copy a file
783 * dd_rescue: copies data from one file (or block device) to another
784 * pcopy: a replacement for dd
785 * partimage: back up and restore disk partitions
786 * dirvish: Disk based virtual image network backup system
787 * devclone: in-place filesystem conversion -- device cloning
788 * ntfsclone: efficiently clone, image, restore or rescue an NTFS
789 * dump: ext2/3 filesystem backup
790 * udpcast: multicast file transfer tool
791 * cpio: copy files to and from archives
792 * pax: read and write file archives and copy directory hierarchies
793 * netcat / ssh / tar / gzip / bzip2: additional helper tools
795 Tags: network, backup, ssh, udp, rescue, recovery
797 Use grml as a rescue system:
801 * dd: convert and copy a file
802 * ddrescue: copies data from one file or block device to another
803 * partimage: Linux/UNIX utility to save partitions in a compressed image file
804 * cfdisk: Partition a hard drive
805 * nparted: Newt and GNU Parted based disk partition table manipulator
806 * parted-bf: The GNU Parted disk partition resizing program, small version
807 * testdisk: Partition scanner and disk recovery tool
808 * gpart: Guess PC disk partition table, find lost partitions
812 * e2fsprogs: ext2 file system utilities and libraries
813 * e2tools: utilities for manipulating files in an ext2/ext3 filesystem
814 * e2undel: Undelete utility for the ext2 file system
815 * ext2resize: an ext2 filesystem resizer
816 * recover: Undelete files on ext2 partitions
820 * reiser4progs: administration utilities for the Reiser4 filesystem
821 * reiserfsprogs: User-level tools for ReiserFS filesystems
825 * xfsdump: Administrative utilities for the XFS filesystem
826 * xfsprogs: Utilities for managing the XFS filesystem
830 * jfsutils: utilities for managing the JFS filesystem
834 * ntfsprogs: tools for doing neat things in NTFS partitions from Linux
835 * salvage-ntfs: free NTFS data recovery tools
836 * scrounge-ntfs: data recovery program for NTFS file systems
837 * ntfsresize: resize ntfs partitions
839 Tags: ntfs, jfs, xfs, ext3, rescue, recovery, backup, filesystem, tools
841 Get ASCII value of a character with zsh:
843 % char=N ; print $((#char))
845 Convert a collection of mp3 files to wave or cdr using zsh:
847 % for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}
849 Convert images (foo.gif to foo.png) using zsh:
851 % for i in **/*.gif; convert $i $i:r.png
853 Remove all "non txt" files using zsh:
857 Remote Shell Using SSH:
860 % ssh -NR 3333:localhost:22 user@yourhost
863 % ssh user@localhost -p 3333
865 Tags: port forwarding, ssh, remote port, network
867 Reverse Shell with Netcat:
870 % netcat -v -l -p 3333 -e /bin/sh
873 % netcat 192.168.0.1 3333
875 TagS: port forwarding, ssh, remote, network
877 Reverse Shell via SSH:
879 local host (inside the network):
880 % ssh -NR 1234:localhost:22 remote_host
882 remote host (outside the network):
883 % ssh localhost -p 1234
885 Tags: port forwarding, ssh, remote port, network
887 Remove empty directories with zsh:
889 % rmdir ./**/*(/od) 2> /dev/null
891 Find all the empty directories in a tree with zsh:
895 Find all files without a valid owner and change ownership with zsh:
897 % chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)
899 Display the 5-10 last modified files with zsh:
901 % print -rl -- /path/to/dir/**/*(D.om[5,10])
903 Find and list the ten newest files in directories and subdirs (recursive) with zsh:
905 % print -rl -- **/*(Dom[1,10])
907 Find most recent file in a directory with zsh:
909 % setopt dotglob ; print directory/**/*(om[1])
911 Tunnel all traffic through an external server:
913 % ssh -ND 3333 username@external.machine
915 Then set the SOCKS4/5 proxy to localhost:3333.
916 Check whether it's working by surfing e.g. to checkip.dyndns.org
918 Tags: ssh, network, proxy, socks, tunnel
920 Tunnel everything through SSH via tsocks:
922 set up the SSH proxy on the client side:
924 % ssh -ND 3333 user@remote.host.example.com
926 Adjust /etc/tsocks.conf afterwards (delete all other lines):
931 For programs who natively support proxying connections (e.g. Mozilla
932 Firefox) you can now set the proxy address to localhost port 3333.
934 All other programs which's connections you want to tunnel through your
935 external host are prefixed with tsocks, e.g.:
937 % tsocks netcat example.com 80
938 % tsocks irssi -c irc.quakenet.eu.org -p 6667
940 If you call tsocks without parameters it executes a shell witht the
941 LD_PRELOAD environment variable already set and exported.
943 Tags: ssh, network, proxy, socks, tunnel, tsocks
945 smartctl - control and monitor utility for harddisks using Self-Monitoring,
946 Analysis and Reporting Technology (SMART):
948 # smartctl --all /dev/ice
950 If you want to use smartctl on S-ATA (sata) disks use:
952 # smartctl -d ata --all /dev/sda
955 # smartctl -t offline /dev/ice
958 # smartctl -t short /dev/ice
960 Display results of test:
961 # smartctl -l selftest /dev/ice
963 Query device information:
964 # smartctl -i /dev/ice
966 Tags: smart, s.m.a.r.t, info, test, hardware
968 Mount a BSD / Solaris partition:
970 # mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1
972 Use ufstype 44bsd for FreeBSD, NetBSD, OpenBSD (read-write).
973 Use ufstype ufs2 for >= FreeBSD 5.x (read-only).
974 Use ufstype sun for SunOS (Solaris) (read-write).
975 Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write).
977 See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz
980 Tags: ufs, bsd, mount, solaris
982 Read BIOS (and or BIOS) password:
984 # dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head
986 Clone one of the kernel trees via git:
988 git clone rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
989 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
990 This path defines the tree. See http://kernel.org/git/ for an overview.
992 Mount filesystems over ssh protocol:
994 % sshfs user@host:/remote_dir /mnt/test
998 % fusermount -u /mnt/test
1000 (Notice: requires fuse kernel module)
1002 Tags: ssh, sshfs, network, mount, directory, remote, fuse
1004 Install Gentoo using grml:
1006 See http://www.gentoo.org/doc/en/altinstall.xml
1008 Convert files from Unicode / UTF-8 to ISO:
1010 % iconv -c -f utf8 -t iso-8859-15 < utffile > isofile
1014 % iconv -f iso-8859-15 -t utf8 < isofile > utffile
1016 Tags: utf-8, iso, unicode, utf8
1018 Assign static setup for network cards (NICs) via udev:
1020 Retrieve information for address (corresponding to MAC address):
1022 # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'
1024 Execute /lib/udev/write_net_rules with according values (INTERFACE
1025 is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR
1026 is the MAC address retrieved with udevadm info command):
1028 # INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules
1030 This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:
1032 SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"
1034 Finally take down the interface (ifdown/ifconfig) and execute:
1036 # udevadm trigger --action=add --subsystem-match=net
1038 so the interface will be renamed. (Rebooting or
1039 unloading drivers/restart udev/loading drivers again
1040 works as well of course.)
1042 Tags: udev, configuration, name, eth0, howto
1044 Change the suffix from *.sh to *.pl using zsh:
1047 % zmv -W '*.sh' '*.pl'
1049 Generate SSL certificate:
1051 Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary):
1052 # openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes
1055 # openssl x509 -in certfile -text
1057 Verify against CA certificate:
1058 # openssl verify -CAfile cacert.crt -verbose -purpose sslserver
1060 Generate 2048bit RSA-key:
1061 # openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes
1063 As before but add request to existing key pub-sec-key.pem:
1064 # openssl req -new -out request.pem -keyin pub-sec-key.pem
1066 Show request request.pem:
1067 # openssl req -text -noout -in request.pem
1069 Verify signature of request request.pem:
1070 # openssl req -verify -noout -in request.pem
1072 Generate SHA1 fingerprint (modulo key) of request.pem:
1073 # openssl req -noout -modulus -in request.pem | openssl sha1 -c
1075 Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem:
1076 # openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem
1078 As before but create self signed certificate based on existing key pub-sec-key.pem:
1079 # openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem
1081 Generate new request out of existing self signed certificate:
1082 # openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem
1084 Display certificate self-signed-certificate.pem in plaintext:
1085 # openssl x509 -text -noout -md5 -in self-signed-certificate.pem
1087 Check self signed certificate:
1088 # openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem
1090 Estable OpenSSL-connection using self-signed-certificate.pem and display certificate:
1091 # openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443
1093 Generate ssl-certificate for use with apache2:
1095 export RANDFILE=/dev/random
1096 mkdir /etc/apache2/ssl/
1097 openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
1098 chmod 600 /etc/apache2/ssl/apache.pem
1100 Also take a look at make-ssl-cert (debconf wrapper for openssl):
1102 # /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem
1104 and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/).
1106 Tags: openssl, howto
1108 Change Windows NT password(s):
1110 # mount -o rw /mnt/hda1
1111 # cd /mnt/hda1/WINDOWS/system32/config/
1112 # chntpw SAM SECURITY system
1114 Notice: if mounting the partition read-write did not work (check syslog!)
1115 try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1
1117 (Be careful with deactivating syskey!)
1119 Tags: password, windows, recovery, chntpw, howto
1121 glark - replacement for grep written in Ruby:
1123 A replacement for (or supplement to) the grep family, glark offers:
1124 Perl compatible regular expressions, highlighting of matches,
1125 context around matches, complex expressions and automatic exclusion
1130 % glark -y keyword file # display only the region that matched, not the entire line
1131 % glark -o format print *.h # search for either "printf" or "format"
1133 More information: man glark
1135 Find CD burning device(s):
1137 General information on CD-ROM:
1138 % cat /proc/sys/dev/cdrom/info
1140 Scan using ATA Packet specific SCSI transport:
1141 # cdrecord -dev=ATA -scanbus
1142 # cdrecord-prodvd -s -scanbus dev=ATA
1144 Get specific information for /dev/ice:
1145 # cdrecord dev=/dev/ice -scanbus
1147 Tags: hardware, info, cd burn
1149 Create devices in /dev on udev:
1151 For example create md devices (/dev/md0, /dev/md1,...):
1152 # cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md
1156 Identify network device (NIC):
1158 # ethtool -i $DEVICE
1160 Show NIC statistics:
1162 # ethtool -S $DEVICE
1164 If your NIC shows some aging signs, you may want to be sure:
1166 # ethtool -t $DEVICE
1168 Disable TCP/UDP checksums:
1170 # ethtool -K $DEVICE tx off
1172 Tags: configuration, network, device
1174 grml2hd seems to hang? Getting Squashfs errors? Problems while booting?
1176 Switch to tty12 and take a look at the syslog. If you see something like:
1178 SQUASHFS error: zlib_fs returned unexpected result 0x........
1179 SQUASHFS error: Unable to read cache block [.....]
1180 SQUASHFS error: Unable to read inode [.....]
1182 your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd.
1183 Check your CD low-level via running:
1185 # readcd -c2scan dev=/dev/cdrom
1187 If the medium really is ok and it still fails try to boot with deactivated DMA
1188 via using grml nodma at the bootprompt.
1190 Tags: grml2hd, installation, verify, squashfs, error
1192 Write a Microsoft compatible boot record (MBR) using ms-sys
1194 Write a Windows 2000/XP/2003 MBR to a device:
1196 # ms-sys -m /dev/ice
1198 Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo:
1200 wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz
1201 unp ms-sys-2.1.3.tgz
1206 Tags: mbr, windows, ms-sys, recovery
1208 Use a Vodafone 3G Datacard (UMTS) with Linux:
1210 Plug in your vodafone card and check in syslog whether the appropriate
1211 (probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:
1214 # wvdial --config /etc/wvdial.conf.umts $PROFILE
1217 # comgt -d /dev/ttyUSB0
1218 # wvdial --config /etc/wvdial.conf.umts a1usb
1220 # comgt -d /dev/noz0
1221 # wvdial --config /etc/wvdial.conf.umts tmnozomi
1223 # comgt -d /dev/noz0
1224 # wvdial --config /etc/wvdial.conf.umts dreiusb
1226 # comgt -d /dev/ttyACM0
1227 # wvdial --config /etc/wvdial.conf.umts yesss
1229 If you receive invalid DNS nameservers when connecting, like:
1232 --> primary DNS address 10.11.12.13
1233 --> secondary DNS address 10.11.12.14
1235 just provide a working nameserver to resolvconf via:
1237 # echo "nameserver 80.120.17.70" | resolvconf -a ppp0
1239 Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on
1240 your grml system), some other ones require the sierra driver (run
1243 If your device isn't supported by usbserial yet, manually provide vendor and
1244 product ID when loading the usbserial module. Usage example:
1248 Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.
1250 # modprobe usbserial vendor=0x1199 product=0x6813
1252 To get a list of available providers execute:
1254 # comgt -s -d /dev/ttyUSB0 /etc/comgt/operator
1256 Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto
1258 hdparm - get/set hard disk parameters
1260 Display the identification info that was obtained from the drive at boot time,
1262 # hpdarm -i /dev/ice
1264 Request identification info directly from the drive:
1265 # hpdarm -I /dev/ice
1267 Perform timings of device + cache reads for benchmark and comparison purposes:
1268 # hdparm -tT /dev/ice
1270 Tags: hardware, performance, configuration, harddisk
1272 bonnie++ - program to test hard drive performance.
1274 # mkdir /mnt/benchmark
1275 # mount /dev/ice /mnt/benchmark
1276 # chmod go+w /mnt/benchmark
1277 # bonnie -u grml -d /mnt/benchmark -s 2000M
1279 Tags: benchmark, harddisk
1281 Use gizmo with a bluetooth headset:
1283 % DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)"
1284 % gizmo --mic $DEVICE --speaker $DEVICE
1286 Scan a v4l device for TV stations:
1288 % scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv
1290 Then running xawtv should work:
1294 Run apt-get with timeout of 3 seconds:
1296 # apt-get -o acquire::http::timeout=3 update
1300 Debian GNU/Linux device driver check page
1302 % $BROWSER http://kmuto.jp/debian/hcl/index.cgi
1304 Use dd with status line:
1306 # dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file
1308 Generate a 512k file of random data with status bar:
1310 % dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random
1312 Install Grub instead of lilo on grml installation (grml2hd):
1317 adjust grub's configuration file menu.lst:
1318 # $EDITOR /boot/grub/menu.lst
1320 now install grub (usage example for /dev/sda1):
1327 Install Ubuntu using grml:
1329 See https://wiki.ubuntu.com/Installation/FromKnoppix
1331 Tags: ubuntu, installation
1333 Resize ext2 / ext3 partition:
1335 # tune2fs -O '^has_journal' /dev/iceX # disable journaling
1336 # fsck.ext2 -v -y -f /dev/iceX # check the filesystem
1337 # resize2fs -p /dev/iceX $SIZE # resize it (adjust $SIZE)
1338 # fdisk /dev/ice # adjust partition in partition table
1339 # fsck.ext2 -v -y -f /dev/iceX # check filesystem again
1340 # resize2fs -p /dev/iceX # resize it to maximum
1341 # tune2fs -j /dev/iceX # re-enable journal
1343 Tags: resize, ext2, ext3, ext4, partition, howto
1345 Tune ext2 / ext3 filesystem:
1347 Check partition first:
1349 # tune2fs -l /dev/iceX
1351 If you don't see dir_index in the list, then enable it:
1353 # tune2fs -O dir_index /dev/iceX
1355 Now run e2fsck with the -D option to have the directories optimized:
1357 # e2fsck -D /dev/iceX
1359 Notice: since e2fsprogs (1.39-1) filesystems are created with
1360 directory indexing and on-line resizing enabled by default.
1362 Tags: configuration, ext2, ext3, ext4, partition
1364 Search for printers via network:
1366 # pconf_detect -m NETWORK -i 192.168.0.1/24
1368 Tags: printer, network, scan
1370 Mount a remote directory via webdav (e.g. Mediacenter of GMX):
1372 # mount -t davfs https://mediacenter.gmx.net/ /mnt/test
1374 Tags: webdav, mount, mediacenter, gmx
1376 System-Profiling using oprofile:
1381 # opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library
1386 Now $DO_SOME_TASKS...
1389 # opcontrol --shutdown
1391 Then take a look at the reports using something like e.g.:
1392 # opreport -t 0.5 --exclude-dependent
1393 # opreport -t 0.5 /path/to/executable_to_check
1394 # opannotate -t 0.5 --source --assembly
1396 Tags: profile, profiling, opcontrol, howto
1398 Install ATI's fglrx driver for Xorg / X.org:
1400 Usually there already exist drivers for the grml-system:
1401 # apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r`
1403 After installing adjust xorg.conf via running:
1404 # aticonfig --initial --input=/etc/X11/xorg.conf
1406 For more information take a look at http://wiki.grml.org/doku.php?id=ati
1408 Tags: xorg, x11, driver, ati
1410 Install nvidia driver for Xorg / X.org:
1412 Usually there already exist drivers for the grml-system:
1413 # apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r`
1415 Then switch from module nv to nvidia:
1417 # sed -i 's/Driver.*nv.*/Driver "nvidia"/' /etc/X11/xorg.conf
1419 Tags: xorg, x11, driver, nvidia
1421 glxgears - a GLX demo that draws three rotating gears
1423 To print frames per second (fps) use:
1424 % glxgears -printfps
1426 Tags: xorg, x11, glx,
1428 You forgot to boot with 'grml noeject noprompt' to avoid
1429 ejecting and prompting for CD removal when rebooting/halting
1440 If you want to avoid only the prompting part, run:
1448 Tags: bootparam, fix, grml
1450 Mount wikipedia local via fuse:
1452 Adjust configuration:
1453 % cat ~/.wikipediafs/config.xml
1456 <article-cache-time>300</article-cache-time>
1460 <dirname>wikipedia-de</dirname>
1461 <host>de.wikipedia.org</host>
1462 <basename>/w/index.php</basename>
1465 <dirname>wikipedia-en</dirname>
1466 <host>en.wikipedia.org</host>
1467 <basename>/w/index.php</basename>
1472 Mount it (/wiki must exist of course):
1473 % mount.wikipediafs /wiki
1474 % cat /wiki/wikipedia-en/Cat
1477 % fusermount -u /wiki
1479 Tags: fuse, wikipedia, mount
1481 Remote notification on X via osd (on screen display):
1483 Start osd_server.py at your local host (listens on port 1234 by default):
1486 Then login to a $REMOTEHOST
1487 % ssh -R 1234:localhost:1234 $REMOTEHOST
1489 Now send the text to your local display via running something like:
1490 % echo "text to send" | nc localhost 1234
1492 Very useful when you are waiting for a long running job
1493 but want to do something else in the meanwhile:
1495 % ./configure && make && echo "finished compiling" | netcat localhost 1234
1497 You can use this in external programs as well of course. Examples:
1499 Use osd in centericq:
1501 % cat ~/.centericq/external
1510 if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then
1511 CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1)
1512 osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***"
1513 if echo | socat - TCP4:localhost:1234 &>/dev/null ; then
1514 echo "${osd_msg}" | netcat localhost 1234
1518 Use it in the IRC console client irssi via running:
1522 You can even activate the port forwarding by default globally:
1527 RemoteForward 1234 127.0.0.1:1234
1530 Notice: if you get 'ABORT: Requested font not found' make sure the
1531 requested font is available, running 'LANG=C LC_ALL=C osd_server.py...'
1534 Tags: osd, notification, ssh, network, port-forwarding
1536 Avoid automatical startup of init scripts via invoke-rc.d:
1538 First of all make sure the package policyrcd-script-zg2 (which
1539 provides the /usr/sbin/policy-rc.d interface) is installed.
1541 In policyrcd-script-zg2's configuration file named
1542 /etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is
1543 defined as the interface for handling invoke-rc.d's startup policy.
1545 grml-policy-rc.d can be configure via /etc/policy-rc.d.conf. By
1546 default you won't notice any differences to Debian's default
1547 behaviour, except that invoke-rc.d won't be executed if a chroot has
1548 been detected (detection: /proc is missing).
1550 If you want to disable automatical startup of newly installed packages
1551 (done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in
1552 /etc/policy-rc.d.conf.
1554 To restore the default behaviour set EXITSTATUS back to '0' in
1555 /etc/policy-rc.d.conf.
1557 Tags: policy, init, script, invode-rc.d
1559 Install VMware-Tools for grml:
1561 First of all make sure a CD-ROM device in VMware is available.
1563 Mount the CD-ROM device to /mnt/cdrom, then unpack and install
1567 unp /mnt/cdrom/vmware-linux-tools.tar.gz
1568 cd vmware-tools-distrib
1571 /etc/init.d/networking stop
1576 /etc/init.d/networking start
1578 In an X terminal, launch the VMware Tools running:
1582 Tags: vmware, tool, vmware-toolbox, howto
1584 Some important Postfix stuff
1592 Send all messages in the queue:
1596 Send all messages in the queue for a specific site:
1600 Delete a specific message
1601 # postsuper -d 12345678942
1603 Deletes all messages held in the queue for later delivery
1604 # postsuper -d ALL deferred
1606 Mail queues in postfix:
1608 incoming -> mail who just entered the system
1609 active -> mail to be delivered
1610 deferred -> mail to be delivered later because there were problems
1611 hold -> mail that should not be delivered until released from hold
1613 For configuration of postfix take a look at
1614 /etc/postfix/master.cf - man 5 master
1615 /etc/postfix/main.cf - man 5 postconf
1616 and http://www.postfix.org/documentation.html.
1620 mode 4000 - set user ID (suid):
1622 - for executable files: run as the user who owns the file, instead of the
1623 user who runs the file
1624 - for directories: not used
1626 mode 2000 - set group ID (guid):
1628 - for executable files: run as the group who owns the file, instead of the
1629 group of the user who runs the file
1630 - for directories: when a file is created inside the directory, it belongs
1631 to the group of the directory instead of the default group of the user who
1634 mode 1000 - sticky bit:
1636 - for files: not used
1637 - for directories: only the owner of a file can delete or rename the file
1639 Tags: postix, mailq, postsuper, queue, delete, smtp
1641 Create MySQL database
1643 # apt-get install mysql-client mysql-server
1645 Run 'mysql' as root - create a database with:
1647 create database grml
1649 Give a user access to the database (without password):
1651 grant all on grml.* to mika;
1653 Give a user access to the database (with password):
1655 grant all on grml.* to enrico identified by "PASSWORD";
1657 Tags: mysql, database
1659 Setup an HTTPS website:
1661 Create a certificate:
1663 # mkdir /etc/apache2/ssl
1664 # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
1666 Create a virtual host on port 443:
1668 <VirtualHost www.foo.invalid:443>
1672 Enable SSL in the VirtualHost:
1675 SSLCertificateFile /etc/apache2/ssl/apache.pem
1677 Enable listening on the HTTPS port (/etc/apache2/ports.conf):
1681 and make sure the SSL module is used:
1685 Tags: ssl, https, configuration, apache
1687 Useful Apache / Apache2 stuff
1689 Check configuration file via running:
1691 # apache2ctl configtest
1699 # a2enmod modulename
1701 Tags: apache, configuration
1703 Create tar archive and store it on remote machine:
1705 % tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz"
1707 Tags: tar, backup, remote, network, ssh
1709 Pick out and displays images from network traffic:
1713 Tags: remote, network, sniff, image
1715 Install Flash plugin:
1717 # dpkg-reconfigure flashplugin-nonfree
1721 To test a proxy, low level way:
1725 GET http://www.google.com HTTP/1.0 [press enter twice]
1729 Adjust system for use of qemu with kqemu:
1731 Make sure you have all you need:
1732 # aptitude update ; aptitude install qemu kqemu-modules-$(uname -r)
1737 mknod /dev/kqemu c 250 0
1738 chmod 666 /dev/kqemu
1739 chmod 666 /dev/net/tun
1741 Check kqemu support via starting qemu, press
1742 Ctrl-Alt-2 and entering 'info kqemu'.
1744 (High-Load) Debugging related tools:
1746 mpstat # report processors related statistics
1747 iostat # report CPU statistics and input/output statistics for devices and partitions
1748 vmstat # report virtual memory statistics
1749 slabtop # display kernel slab cache information in real time
1750 atsar # system activity report
1751 dstat # versatile tool for generating system resource statistics
1762 Tags: test, debug, information, hardware, statistic
1764 Using WPA for network setup manually:
1766 # wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
1768 Adjust the options and configuration file to your needs.
1769 Also take a look at 'grml-network'.
1771 Tags: wireless, wpa, network, configuration
1773 Start X and lock console via exiting:
1775 % startx 2>~/.xsession-errors &| exit
1777 Tags: xorg, x11, startx, graphical
1779 Which process is writing to disk and/or causes the disk to spin up?
1781 First of all use lsof to check what's going on. Does not help? ->
1783 # echo 1 > /proc/sys/vm/block_dump
1785 The command sets a sysctl to cause the kernel to log all disk
1786 writes. Please notice that there is a lot of data. So please
1787 disable syslogd/syslog-ng before you do this, or you must make
1788 sure that kernel output is not logged.
1790 When you're done, disable block dump using:
1791 # echo 0 > /proc/sys/vm/block_dump
1794 laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler)
1795 which handles block_dump on its own.
1797 See: $KERNEL-SOURCE/Documentation/laptop-mode.txt
1799 Also take a look at event-viewer(8) which is part of grml-debugtools.
1801 Tags: debug, device, block, partition
1803 Install initrd via initramfs-tools for currently running kernel:
1805 # update-initramfs -c -t -k $(uname -r)
1809 Install initrd via yaird for currently running kernel:
1811 # yaird -o /boot/initrd.img-$(uname -r)
1813 Install initrd via yaird for specific kernel:
1817 # yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686
1819 Reinstall package with its original configuration files:
1821 # apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o \
1822 DPkg::Options::=--force-confnew package
1824 grml 0.8 funkenzutzler - rt2x00 drivers:
1826 To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which
1827 includes beta-version drivers) is not installed by default. If you want to
1828 use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or
1829 rt73usb please install the package manually running:
1831 # dpkg -i /usr/src/rt2x00-modules-*.deb
1833 Use Java with jikes and jamvm on grml:
1837 % cp /usr/share/doc/grml-templates/template.java .
1838 % jikes template.java
1841 Notice that grml exports $JIKESPATH (/usr/share/classpath/glibj.zip),
1842 so you do not have to manually run
1843 jikes --bootclasspath /usr/share/classpath/glibj.zip
1845 Online resizing of (Software-)RAID5:
1847 # Initiate a RAID5 setup for testing purposes:
1848 mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1
1850 # Create filesystem, mount md0, create a testfile and save md5sum for
1853 mount /dev/md0 /mnt/test
1854 dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000
1855 md5sum /mnt/test/dd > md5sum
1857 # Make sure the RAID is synched via checking:
1860 # Now remove one partition:
1861 mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1
1863 # Delete partition, create a new + bigger one and set partition type to fd
1864 # (Linux raid autodetect):
1867 # And re-add the partition:
1868 mdadm -a /dev/md0 /dev/hdd1
1870 # Make sure the RAID is synched via checking:
1873 # Repeat the steps for all other disks/partitions as well:
1874 mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
1876 mdadm -a /dev/md0 /dev/hdb1
1878 mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
1880 mdadm -a /dev/md0 /dev/hda1
1883 # Now resize the RAID5 system online [see 'man mdadm' for details]:
1884 mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size'
1885 mdadm --grow /dev/md0 -z max
1886 mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size'
1888 # Last step - resize the filesystem (online again):
1891 Tags: raid, resize, raid5, mdadm
1893 ext3 online resizing:
1895 Starting with Linux kernel 2.6.10 you can resize ext3 online. With
1896 e2fsprogs >=1.39-1 new filesystems are created with directory indexing and
1897 on-line resizing enabled by default (see /etc/mke2fs.conf).
1901 cfdisk /dev/hda # create a partition with type 8e (lvm)
1902 pvcreate /dev/hda2 # create a physical volume
1903 vgcreate vg0 /dev/hda2 # create volume group
1904 lvcreate -n resize_me -L1G vg0 # create a logical volume
1905 mkfs.ext3 /dev/mapper/vg0-resize_me # now create a new filesystem
1906 mount /dev/mapper/vg0-resize_me /mnt/test # mount the new fs for demonstrating online resizing
1907 df -h # check the size of the partition
1908 lvextend -L+2G /dev/mapper/vg0-resize_me # let's extend the logical volume
1909 resize2fs -p /dev/mapper/vg0-resize_me # and finally resize the filesystem
1910 df -h # recheck the size of the partition
1912 This also works for Software-RAID. Demo:
1914 mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1
1916 mount /dev/md0 /mnt/test
1917 mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2
1918 cfdisk /dev/hda # adjust partition size for hda2
1919 mdadm /dev/md0 --add /dev/hda2
1920 mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
1921 cfdisk /dev/hdb # adjust partition size for hdb1
1922 mdadm /dev/md0 --add /dev/hdb1
1923 mdadm --grow /dev/md0 --size=max
1926 Notice: online resizing works as soon as the kernel can re-read the
1927 partition table. So it works for example with LVM and SW-RAID but not with
1928 a plain device (/dev/[sh]d*). The kernel does not re-read the partition
1929 table if the device is already mounted.
1931 Tags: resize, raid, lvm, ext2, ext3, ext4, raid1
1933 Use vim as an outline editor:
1935 % $PAGER /usr/share/doc/vim-vimoutliner/README.Debian
1939 Monitor directories/files for changes using iwatch
1941 Monitor /tmp for changes:
1944 Monitor files/directories specified in /etc/iwatch.xml
1945 and send mail on changes:
1948 Tags: inotify, watch, file, directory
1950 Some often used mdadm commands:
1953 # mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1
1955 Display details of specific RAID:
1956 # mdadm --detail /dev/md0
1959 Simulating a drive failure by software:
1960 # mdadm --manage --set-faulty /dev/md0 /dev/hda1
1962 Remove disk from RAID:
1963 # mdadm /dev/md0 -r /dev/hda1
1965 Set disk as faulty and remove from RAID:
1966 # mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
1971 Restart a RAID-device:
1974 Add another disk to existing RAID setup (hotadd):
1975 # mdadm /dev/md0 -a /dev/hde1
1976 # mdadm --grow /dev/md0 --raid-devices=4
1978 Assemble and start all arrays:
1979 # mdadm --assemble --scan
1981 Assemble a specific array:
1982 # mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1
1985 # mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2
1988 # mdadm --stop --scan
1990 Scan for and setup arrays automatically:
1991 # mdadm --assemble --scan --auto=yes --verbose
1993 Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains:
1995 CREATE owner=root group=disk mode=0660 auto=yes
2000 # /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
2003 Monitoring the sw raid
2004 # nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0
2006 Producing /etc/mdadm/mdadm.conf:
2007 # mdadm --detail --scan > /etc/mdadm/mdadm.conf
2009 See also: man mdadm | less -p "^EXAMPLES"
2010 http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html
2012 Tags: raid, raid1, raid5, configuration, mdadm, howto
2014 A quick summary of the most commonly used RAID levels:
2017 => 2 disks each 160 GB: 320 GB data
2018 RAID 1: Mirrored Set
2019 => 2 disks each 160 GB: 160 GB data
2020 RAID 5: Striped Set with Parity
2021 => 3 disks each 160 GB: 320 GB data; 160 GB redundancy
2023 Common nested RAID levels:
2024 RAID 01: A mirror of stripes
2025 RAID 10: A stripe of mirrors
2026 RAID 30: A stripe across dedicated parity RAID systems
2027 RAID 100: A stripe of a stripe of mirrors
2029 -- http://en.wikipedia.org/wiki/RAID
2031 Tags: raid, raid1, raid5, raid01, raid10, raid100
2033 Logical Volume Management (LVM) with Linux
2038 | hda1 hdc1 (PV:s on partitions or whole disks)
2044 | usrlv rootlv varlv (LV:s)
2046 | ext3 ext3 xfs (filesystems)
2048 Often used commands:
2049 ~~~~~~~~~~~~~~~~~~~~
2051 Create a physical volume:
2052 # pvcreate /dev/hda2
2054 Create a volume group:
2055 # vgcreate testvg /dev/hda2
2057 Create a logical volume:
2058 # lvcreate -n test_lv -L100 testvg
2060 Resize a logical volume:
2061 # lvextend -L+100M /dev/resize_me/resize_me
2062 # resize2fs /dev/resize_me/resize_me # ext2/3
2063 # xfs_growfs /dev/resize_me/resize_me # xfs
2064 # resize_reiserfs -f /dev/resize_me/resize_me # reiserfs online
2065 # mount -o remount,resize /dev/resize_me/resize_me # jfs
2067 Create a snapshot of a logical volume:
2068 # lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv
2070 Deactivate a volume group:
2071 # vgchange -a n my_volume_group
2073 Actually remove a volume group:
2074 # vgremove my_volume_group
2076 Display information about physical volume:
2077 # pvdisplay /dev/hda1
2079 Remove physical volume:
2080 # vgreduce my_volume_group /dev/hda1
2082 Remove logical volume:
2083 # umount /dev/myvg/homevol
2084 # lvremove /dev/myvg/homevol
2087 http://www.tldp.org/HOWTO/LVM-HOWTO/
2089 Tags: lvm, howto, pvcreate, lvcreate
2091 How to use APT locally
2093 Sometimes you have lots of packages .deb that you would like to use APT to
2094 install so that the dependencies would be automatically solved. Solution:
2097 dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz
2098 echo " deb file:/root debs/" >> /etc/apt/sources.list
2099 dpkg-scansources debs | gzip > debs/Sources.gz
2100 echo " deb-src file:/root debs/" >> /etc/apt/sources.list
2102 See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
2106 Check filesystem's LABEL:
2111 ext2/3 without blkid:
2112 # dumpe2fs /dev/sda1 | grep "Filesystem volume name"
2115 # xfs_admin -l /dev/sda1
2117 reiserfs without blkid:
2118 # debugreiserfs /dev/sda1 | grep -i label
2121 # jfs_tune -l /dev/sda1 | grep -i label
2123 reiser4 without blkid:
2124 # debugfs.reiser4 /dev/sda1 | grep -i label
2126 Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label
2128 Check filesystem's UUID:
2133 ext2/3 without blkid:
2134 # dumpe2fs /dev/sda1 | grep -i UUID
2137 # xfs_admin -u /dev/sda1
2139 reiserfs without blkid:
2140 # debugreiserfs /dev/sda1 | grep -i UUID
2142 reiser4 without blkid:
2143 # debugfs.reiser4 /dev/sda1 | grep -i UUID
2145 Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid
2147 Change a filesystem's LABEL:
2150 # mkswap -L $LABEL /dev/sda1
2153 # e2label /dev/sda1 $LABEL
2154 # tune2fs -L $LABEL /dev/sda1
2157 # reiserfstune -l $LABEL /dev/sda1
2160 # jfs_tune -L $LABEL /dev/sda1
2163 # xfs_admin -L $LABEL /dev/sda1
2166 # echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc
2167 # mlabel -s i:$LABEL
2170 # ntfslabel $LABEL /dev/sda1
2172 Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs
2174 Disable pdiffs feature of APT:
2177 # echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf
2180 # apt-get update -o Acquire::Pdiffs=false
2182 Backup big devices or files and create compressed splitted
2183 image chunks of it using zsplit
2185 Create backup of /dev/sda named archiveofsda_#.spl.zp in directory
2186 /mnt/sda1/backup, split the files up into chunks of 1GB each and set
2187 read/write buffer to 256kB:
2188 # zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda
2190 Restore the backup using unzsplit:
2191 # unzsplit -D /dev/sda -d archiveofsda
2193 More usage examples: man zsplit + man unzsplit
2195 Tags: backup, reocvery, spllt, limit, howto
2197 Measure network performance using iperf:
2203 % iperf -c <server_address> -V
2207 Server with 128k TCP window size:
2210 Client with running for 60 seconds and bidirectional test:
2211 % iperf -c <server_address> -r -w128k -t60
2213 Tags: network, benchmark
2215 Framebuffer resolutions:
2217 Resolution in pixels
2218 Color depth | 640x480 800x600 1024x768 1280x1024
2219 256 (8bit)| 769 771 773 775
2220 32000 (15bit)| 784 787 790 793
2221 65000 (16bit)| 785 788 791 794
2222 16.7 Mill.(24bit)| 786 789 792 795
2226 Mode 0x0300: 640x400 (+640), 8 bits
2227 Mode 0x0301: 640x480 (+640), 8 bits
2228 Mode 0x0303: 800x600 (+800), 8 bits
2229 Mode 0x0303: 800x600 (+832), 8 bits
2230 Mode 0x0305: 1024x768 (+1024), 8 bits
2231 Mode 0x0307: 1280x1024 (+1280), 8 bits
2232 Mode 0x030e: 320x200 (+640), 16 bits
2233 Mode 0x030f: 320x200 (+1280), 24 bits
2234 Mode 0x0311: 640x480 (+1280), 16 bits
2235 Mode 0x0312: 640x480 (+2560), 24 bits
2236 Mode 0x0314: 800x600 (+1600), 16 bits
2237 Mode 0x0315: 800x600 (+3200), 24 bits
2238 Mode 0x0317: 1024x768 (+2048), 16 bits
2239 Mode 0x0318: 1024x768 (+4096), 24 bits
2240 Mode 0x031a: 1280x1024 (+2560), 16 bits
2241 Mode 0x031b: 1280x1024 (+5120), 24 bits
2242 Mode 0x0330: 320x200 (+320), 8 bits
2243 Mode 0x0331: 320x400 (+320), 8 bits
2244 Mode 0x0332: 320x400 (+640), 16 bits
2245 Mode 0x0333: 320x400 (+1280), 24 bits
2246 Mode 0x0334: 320x240 (+320), 8 bits
2247 Mode 0x0335: 320x240 (+640), 16 bits
2248 Mode 0x0336: 320x240 (+1280), 24 bits
2249 Mode 0x033c: 1400x1050 (+1408), 8 bits
2250 Mode 0x033d: 640x400 (+1280), 16 bits
2251 Mode 0x033e: 640x400 (+2560), 24 bits
2252 Mode 0x0345: 1600x1200 (+1600), 8 bits
2253 Mode 0x0346: 1600x1200 (+3200), 16 bits
2254 Mode 0x034d: 1400x1050 (+2816), 16 bits
2255 Mode 0x035c: 1400x1050 (+5632), 24 bits
2257 Tags: framebuffer, resolution
2259 Portscan using netcat:
2261 # netcat -v -w2 <host|ip-addr.> 1-1024
2263 Run apt-get but disable apt-listchanges:
2265 APT_LISTCHANGES_FRONTEND=none apt-get ...
2267 Upgrade system but disable apt-listbugs:
2269 APT_LISTBUGS_FRONTEND=none apt-get ...
2271 Set up a Transparent Debian Proxy
2273 Install of apt-cacher, the default config will do:
2274 # apt-get install apt-cacher
2276 Check out the ip address of debian mirror(s).
2277 Then add this to your firewall script:
2279 DEBIAN_MIRRORS="141.76.2.4 213.129.232.18"
2280 for ip in ${DEBIAN_MIRRORS} ; do
2281 ${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142
2284 where ${IPTABLES} is the location of your iptables binary
2285 and $subnet is your internal subnet.
2287 Now everybody in your subnet who does access either
2288 ftp.de.debian.org or ftp.at.debian.org will actually
2289 access your apt-cacher instead.
2291 To use apt-cacher on the router itself, add the following
2292 line to your /etc/apt/apt.conf:
2294 Acquire::http::Proxy "http://localhost:3142/";
2296 Tags: proxy, debian, apt-get, howto
2298 Version control using Mercurial
2300 Setting up a Mercurial project:
2303 % hg init # creates .hg
2304 % hg add # add all files
2305 % hg commit # commit all changes, edit changelog entry
2307 Branching and merging:
2309 % hg clone linux linux-work # create a new branch
2314 % hg pull ../linux-work # pull changesets from linux-work
2315 % hg merge # merge the new tip from linux-work into
2316 # (old versions used "hg update -m" instead)
2317 # our working directory
2318 % hg commit # commit the result of the merge
2322 % cat ../p/patchlist | xargs hg import -p1 -b ../p
2330 % hg export 1234 > foo.patch # export changeset 1234
2332 Export your current repo via HTTP with browsable interface:
2334 % hg serve -n "My repo" -p 80
2336 Pushing changes to a remote repo with SSH:
2338 % hg push ssh://user@example.com/~/hg/
2340 Merge changes from a remote machine:
2342 host1% hg pull http://foo/
2343 host2% hg merge # merge changes into your working directory
2345 Set up a CGI server on your webserver:
2346 % cp hgwebdir.cgi ~/public_html/hg/index.cgi
2347 % $EDITOR ~/public_html/hg/index.cgi # adjust the defaults
2349 Download binary codecs for mplayer:
2351 # /usr/share/mplayer/scripts/win32codecs.sh
2355 # /usr/share/mplayer/scripts/binary_codecs.sh install
2357 (depending on the mplayer version you have).
2359 To play encrypted DVDs and if you are living in a country where using
2360 libdvdcss code is not illegal can install Debian package libdvdread3
2361 and use the script /usr/share/doc/libdvdread3/install-css.sh.
2363 Read manpages of uninstalled packages with debman:
2365 % debman -p git-core git
2367 Test network performance using netperf:
2373 # netperf -t TCP_STREAM -H 192.168.0.41
2375 Tags: benchmark, network
2377 Setup Xen within 20 minutes on Debian/grml
2379 Install relevant software und update grub's menu.lst (Xen does not work with
2380 usual lilo so install grub instead if not done already):
2382 apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 \
2383 xen-utils-3.0.3-1 xen-tools bridge-utils
2386 Example for installation of Debian etch as DomU:
2389 xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 \
2390 --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 \
2391 --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 \
2392 --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/
2396 /etc/init.d/xend start
2397 /etc/init.d/xendomains start
2399 Setup a bridge for network, either manually:
2401 brctl addbr xenintbr
2402 brctl stp xenintbr off
2403 brctl sethello xenintbr 0
2404 brctl setfd xenintbr 0
2405 ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up
2407 or via /etc/network/interfaces (run ifup xenintbr to bring up the device then
2411 iface xenintbr inet static
2412 pre-up brctl addbr xenintbr
2413 post-down brctl delbr xenintbr
2415 netmask 255.255.255.0
2420 Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and
2421 add the iptables commands to a startup script like /etc/init.d/rc.local):
2423 echo 1 > /proc/sys/net/ipv4/ip_forward
2424 iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP
2425 iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP
2427 Adjust network configuration of Xend:
2429 cat >> /etc/xen/xend-config.sxp << EOF
2430 (network-script network-route)
2431 (vif-bridge xenintbr)
2432 (vif-script vif-bridge)
2435 List domains, start up a DomU, shutdown later again:
2437 xm create -c /etc/xen/xengrml1.cfg
2441 This HowTo is also available online at http://grml.org/xen/
2443 Tags: howto, xen, grml
2445 Play tetris with zsh:
2449 bindkey "^Xt" tetris
2451 Now press 'ctrl-x t'.
2453 Set up a router with grml
2455 Run grml-router script:
2458 Install dnsmasq if not already present:
2459 # apt-get update ; apt-get install dnsmasq
2461 Adjust /etc/dnsmasq.conf according to your needs:
2462 # cat >> /etc/dnsmasq.conf << EOF
2465 dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range
2466 dhcp-option=3,192.168.0.1 # dns server
2467 dhcp-option=1,255.255.255.0 # netmask
2470 Start dnsmasq finally:
2473 Tags: network, router, grml
2475 Display stats about memory allocations performed by a program:
2477 Usage example for 'ls':
2479 % LD_PRELOAD=/lib/libmemusage.so ls > /dev/null
2481 Use KVM (Kernel-based Virtual Machine for Linux):
2483 Make sure to install the relevant tools:
2484 # apt-get update ; apt-get install kvm
2487 Test it with a minimal system like ttylinux:
2488 # wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz
2489 # gzip -d bootcd-i386-5.3.iso.gz
2490 # kvm -cdrom bootcd-i386-5.3.iso
2492 EEPROM data decoding for SDRAM DIMM modules:
2495 # /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl
2499 Make sure your device is supported by Linux and running.
2500 See http://www.linuxtv.org/ for more details.
2502 If the DVB device works on your system (see 'hwinfo --usb'
2503 when using a DVB usb device for example), then make sure you
2504 have the scan util from dvb-utils available:
2506 # aptitude install dvb-utils
2508 Then create a channels.conf configuration file:
2510 % scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf
2512 You can find some example configuration files on
2513 your grml system in ~/.channels. Usage example:
2515 % ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf
2517 Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html)
2518 might be useful if you do not know the initial configuration
2521 Get the lastest mercurial snapshot:
2523 Make sure you have the python-dev package available:
2524 # apt-get update ; apt-get install python-dev
2526 Get and build the source:
2527 % hg clone http://selenic.com/repo/hg mercurial
2530 % export PYTHONPATH=$(pwd)
2531 % export PATH=$PATH:$(pwd)
2533 now you should have the newest version of mercurial whenever you execute hg.
2535 To update to the lastest development snapshot, additionally use
2536 the following commands:
2537 % hg pull -u http://hg.intevation.org/mercurial/crew
2543 Available bootoptions relevant in live-cd mode:
2544 -----------------------------------------------
2546 * utc: set UTC, if your system clock is set to UTC (GMT)
2547 * gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc]
2548 * tz=$option: set timezone to corresponding $option, usage example:
2551 Configuration options relevant on harddisk installation:
2552 --------------------------------------------------------
2554 * Use the tzconfig utility to set the local timezone:
2558 which adjusts /etc/timezone and /etc/localtime according
2559 to the provided information. Running:
2561 # dpkg-reconfigure tzdata
2563 might be useful as well.
2565 * /etc/default/rcS: set variable UTC according to your needs,
2566 whether your system clock is set to UTC (UTC='yes') or
2569 * /etc/localtime: adjust zoneinfo according to your needs:
2571 # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime
2573 The zoneinfo directory contains the time zone files that were
2574 compiled by zic. The files contain information such as rules
2575 about DST. They allow the kernel to convert UTC UNIX time into
2576 appropriate local dates and times. Use the zdump utility to
2577 print current time and date (in the specified time zone).
2579 * /etc/adjtime: This file is used e.g. by the adjtimex function,
2580 which can smoothly adjust system time while the system runs
2582 * If you change the time (using 'date --set ...', ntpdate,...)
2583 it is worth setting also the hardware clock to the correct time:
2585 # hwclock --systohc [--utc]
2587 Remember to add the --utc -option if the hardware clock is set
2593 Check your current settings via:
2596 zdump /etc/localtime
2599 grep hwclock /etc/runlevel.conf
2600 grep '^UTC' /etc/default/rc
2602 Further information:
2603 --------------------
2605 hwclock(8) tzselect(1) tzconfig(8)
2606 http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html
2607 http://wiki.debian.org/TimeZoneChanges
2609 Tags: timezone, rtc, configuration
2611 Recorder shellscript session using script:
2613 % script -t 2>~/upgrade.time -a ~/upgrade.script
2614 % scriptreplay ~/upgrade.time ~/upgrade.script
2616 Test UTF-8 capabilities of terminal:
2618 wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz
2619 zcat UTF-8-demo.txt.gz
2623 wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
2626 UTF-8 at grml / some general information regarding Unicde/UTF-8:
2628 http://wiki.grml.org/doku.php?id=utf8
2631 This allows one ssh connection attepmt per minute per source ip, with a initial
2632 burst of 10. The available burst is like a counter which is initialised with
2633 10. Every connection attempt decrements the counter, and every minute where the
2634 connection limit of one per minute is not overstepped the counter is
2635 incremented by one. If the burst counter is exhausted the real rate limit
2636 comes into play. This gives you 11 connectionattepmts in the first minute
2637 before blocked for 10minutes. After 10 minutes block the game restarts.
2639 Hint: you could set the burst value to 5 and the block time to only 5 minutes
2640 to achive the same average connection rate but with halve the block time.
2642 iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh \
2643 --hashlimit 1/minute \ --hashlimit-burst 10 --hashlimit-mode srcip \
2644 --hashlimit-htable-expire 600000 -j ACCEPT
2645 iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT
2647 Tunnel a specific connection via socat:
2650 % socat TCP4-LISTEN:8003 TCP4:gateway:500
2653 # socat TCP4-LISTEN:500,fork TCP4:target:$PORT
2655 Using localhost:8003 on the client uses the tunnel now.
2659 # date --set=060916102007
2661 where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4)
2663 Set date using a relative date:
2669 # date -s '+tomorrow'
2671 Display a specific relative date:
2673 # date -d '+5 days -2 hours'
2675 Don't forget to set hardware clock via:
2679 Booting grml via network / PXE:
2681 Start grml-terminalserver on a system with network access
2682 and where grml is running:
2684 # grml-terminalserver
2686 Then booting your client(s) via PXE should work without
2689 See: man grml-terminalserver + http://grml.org/terminalserver/
2691 Tags: howto, pxe, network, boot
2693 Debugging SSL communications:
2695 % openssl s_client -connect server.adress:993 > output_file
2696 % openssl x509 -noout -text -in output_file
2700 # ssldump -a -A -H -i eth0
2702 See http://prefetch.net/articles/debuggingssl.html for more details.
2704 Tags: debug, ssl, openssl
2706 Remove bootmanager from MBR:
2708 # lilo -M /dev/hda -s /dev/null
2712 Rewrite grub to MBR:
2715 # grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda
2719 Rewrite lilo to MBR:
2726 Create screenshot of plain/real console - tty1:
2728 # fbgrab -c 1 screeni.png
2730 Create screenshot when running X:
2734 Tip: use the gkrellshoot plugin when using gkrellm
2736 Tags: screenshot, xorg
2738 Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are
2741 Run the following commands on hostA:
2743 echo 1 > /proc/sys/net/ipv4/ip_forward
2744 iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB
2745 iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT
2746 iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT
2747 iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA
2749 Tags: howto, network, redirect, port
2751 Flash BIOS without DOS/Windows:
2753 Dump flash info and set the flash chip to writable:
2756 Backup the original BIOS:
2757 # flashrom -r backup.bin
2759 Notice: the following step will overwrite your current BIOS!
2760 So make sure you really know what you are doing.
2762 Flash the BIOS image:
2763 # flashrom -wv newbios.bin
2765 Also check out LinuxBIOS: http://linuxbios.org/
2767 Enable shadow passwords:
2771 Set up an IPv6 tunnel on grml:
2775 Set up console newsreader slrn for use with Usenet:
2779 Calculate with IPv6 addresses:
2783 For usage examples refer to manpage ipv6calc(8).
2787 Common network debugging tools for use with IPv6:
2798 Set up NFS (Network File System):
2802 Make sure the relevant services are running on the server side:
2804 # /etc/init.d/portmap start
2805 # /etc/init.d/nfs-common start
2806 # /etc/init.d/nfs-kernel-server start
2808 Export shares via /etc/exports:
2810 /backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check)
2812 ... or manually export a directory running:
2814 # exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups
2816 and unexport a share running:
2818 # exportfs -u 192.168.1.100:/backups
2820 and every time when you modify /etc/exports file run
2824 Display what NFS components are running:
2828 Display list of exported shares:
2836 Make sure the relevant services are running on the client side:
2838 # /etc/init.d/portmap start
2839 # /etc/init.d/nfs-common start
2841 Verify that the server allows you to access its RPC/NFS services:
2843 # rpcinfo -p server_name
2845 Check what directories the server exports:
2847 # showmount -e server_name
2849 On the client side you can use something like the following in /etc/fstab:
2851 192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0
2853 Tags: nfs, howto, network
2857 # aptitude install cloop-src
2860 # modprobe cloop file=/path/to/cloop/file
2861 # mount -r -t iso9660 /dev/cloop /mnt/test
2863 Create a PS/PDF of a plaintext file:
2865 % a2ps --medium A4dj -E -o output.ps input_file
2868 Print two pages on one in a PDF file:
2870 % pdfnup --nup 2x1 input.pdf
2872 Concatenate, extract pages/parts, encrypt/decrypt,
2873 compress PDFs using 'pdftk'.
2875 Read a PS/PDF file on console:
2879 or on plain framebuffer console in graphical mode:
2881 % pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png
2887 Bypass the password of a PDF file:
2889 % gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit
2895 This will record a AIFF audio file.
2897 Change passphrase / password of an existing SSH key:
2901 Enable syntax highlighting in nano:
2903 Just uncomment the include directives for your respective
2904 language at the bottom of the file /etc/nanorc
2906 Create netboot package for grml-terminalserver:
2908 # bash /usr/share/doc/grml-terminalserver/examples/create-netboot
2910 To boot grml via network (PXE) check out grml-terminalserver:
2912 # grml-terminalserver
2914 See http://grml.org/terminalserver/ for more details.
2918 Using the 'Orientation' tag of the Exif header, rotate
2919 the image so that it is upright:
2920 % jhead -autorot *.jpg
2922 Manually rotate a picture:
2923 % convert -rotate 270 input.jpg output.jpg
2925 Rename files based on the information inside their exif header:
2927 % jhead -n%Y-%m-%d_%Hh%M_%f *.jpg
2929 This will rename a file named img_2071.jpg to something like:
2931 2007-08-17_10h38_img_2071.jpg
2933 if it was shot at 10:38 o'clock on 2007-08-17 (according to
2934 the information inside the exif header).
2936 Calculate network / netmask:
2939 % ipcalc 10.0.0.28 255.255.255.0
2940 % ipcalc 10.0.0.0/24
2942 Blacklist a kernel module:
2944 # blacklist <name_of_kernel_module>
2946 -> running 'blacklist hostap_cs' for example will generate an
2947 entry like this in /etc/modprobe.d/grml:
2952 To remove the module from the blacklist again just invoke:
2954 # unblacklist <name_of_kernel_module>
2956 or manually remove the entry from /etc/modprobe.d/grml.
2958 Create a Debian package of a perl module:
2960 % dh-make-perl --cpan Acme::Smirch --build
2962 The Magic SysRq Keys (SysReq or Sys Req, short for System Request):
2964 To reboot your system using the SysRq keys just hold down the Alt and
2965 SysRq (Print Screen) key while pressing the keys REISUB ("Raising
2966 Elephants Is So Utterly Boring").
2968 R = take the keyboard out of raw mode
2969 E = terminates all processes (except init)
2970 I = kills all processes (except init)
2971 S = synchronizes the disk(s)
2972 U = remounts all filesystems read-only
2973 B = reboot the system
2975 Notice: use O instead of B for poweroff.
2977 Or write the sequence to /proc/sysrq-trigger instead:
2979 # for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done
2981 To enable or disable SysRq calls:
2983 # echo 0 > /proc/sys/kernel/sysrq
2984 # echo 1 > /proc/sys/kernel/sysrq
2986 See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details.
2988 Tags: reboot, documentation, sysrq, magic
2992 Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest
2995 Tunnel TCP-Traffic through DNS using dns2tcp:
2999 1. Create necessary DNS-Records:
3000 dnstun.example.com. 3600 IN NS host.example.com.
3001 dnstun.example.com. 3600 IN A 192.168.1.1
3002 host.example.com. 3600 IN A 192.168.1.1
3004 2. Configure dns2tcpd on host.example.com.:
3005 # cat /etc/dns2tcpd.conf
3006 listen = 192.168.1.1 #the ip dns2tcpd should listen on
3007 port = 53 #" port " " " "
3010 domain = dnstun.example.com. # the zone as specified inside dns
3011 ressources = ssh:127.0.0.1:22 # available resources
3013 3. Start the daemon:
3014 # cat > /etc/default/dns2tcp << EOF
3015 # Set ENABLED to 1 if you want the init script to start dns2tcpd.
3019 # /etc/init.d/dns2tcp start
3023 You have two possibilities:
3024 - Use the DNS inside your network (DNS must allow resolving for external domains)
3025 # grep nameserver /etc/resolv.conf
3026 nameserver 172.16.42.1
3027 # dns2tcpc -z dnstun.example.com 172.16.42.1
3028 Available connection(s) :
3030 # dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 &
3031 Listening on port : 2222
3032 # ssh localhost -p 2222
3033 user@host.example.com:~#
3035 - Directly contact the endpoint (port 53 UDP must be allowed outgoing)
3036 # dns2tcpc -z dnstun.example.com dnstun.example.com
3037 Available connection(s) :
3039 # dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com &
3040 Listenning on port : 2222
3041 # ssh localhost -p 2222
3042 user@host.example.com:~#
3044 Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on
3045 localhost:8080 which you can use to tunnel everything through your "dns-uplink".
3047 Tags: howto, network, tunnel
3049 Configure a MadWifi device for adhoc mode:
3051 Disable the autocreation of athX devices:
3052 # echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi
3054 Remove the autocreated device for now:
3055 # wlanconfig ath0 destroy
3057 Configuration in /etc/network/interfaces:
3059 iface ath0 inet static
3065 - Do not use interface names without ending 0 (otherwise startup fails).
3066 - Only chooss unique names for interfaces.
3068 Find dangling symlinks using zsh:
3072 Use approx with runit supervision
3073 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3075 Install the packages:
3076 # apt-get install approx runit
3078 Add user approxlog for the logging daemon:
3079 # adduser --system --home /nonexistent --no-create-home approxlog
3081 Create config directory:
3082 # mkdir /etc/sv/approx
3084 Use /var/run/sv.approx as supervise directory:
3085 # ln -s /var/run/sv.approx /etc/sv/approx/supervise
3087 # cat > /etc/sv/approx/run << EOF
3089 echo 'approx starting'
3093 You normally do not need a logging service for approx because it logs
3094 to syslog too. So just for completion:
3095 # mkdir -p /etc/sv/approx/log
3096 # ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise
3097 # cat > /etc/sv/approx/log/run << EOF
3100 LOG="/var/log/approx"
3101 test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"
3102 exec chpst -uapproxlog svlogd -tt -v "$LOG"
3105 Now activate the new approx service (will be started within 5s):
3106 # ln -s /etc/sv/approx/ /var/service/
3108 Make approx managed via runit available via init-script interface:
3109 # dpkg-divert --local --rename /etc/init.d/approx
3110 # ln -s /usr/bin/sv /etc/init.d/approx
3112 Remote-reboot a grml system using SysRQ via /proc (execute as root):
3117 echo b > /proc/sysrq-trigger
3119 Tags: reboot, howto, grml, network
3121 Show what happens on /dev/sda0:
3123 # mount the debugfs to relay kernel info to userspace
3124 mount -t debugfs none /sys/kernel/debug
3126 # is a convenient wrapper arround blktrace and blkparse
3129 Tags: debug, block, partition, trace
3131 Convert Flash to Avi:
3133 % ffmpeg -i input.flv output.avi
3135 Extract MP3 from Flash file:
3137 % for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done
3139 Usage example for cryptsetup / -luks encrypted partition on LVM:
3141 volume group name: x61
3142 logical volume name: home
3144 echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab
3146 mount /dev/mapper/grml-crypt_home /mnt/test
3148 fdisk/parted/... complains with something like
3149 'unable to open /dev/sda - unrecognised disk label'?!
3151 See http://grml.org/faq/#fdisk =>
3153 * use /sbin/fdisk.distrib from util-linux
3154 * switch to sfdisk, cfdisk,...
3155 * use parted's mklabel command (but please read the
3156 parted manual before executing this command)
3158 dmraid - support for SW-RAID / FakeRAID controllers
3159 like Highpoint HPT and Promise FastTrack
3161 Activate all software RAID sets discovered:
3164 Deactivates all active software RAID sets:
3167 Discover all software RAID devices supported on the system:
3170 Extract winmail.dat:
3175 Extract files to current directory:
3176 % ytnef -f . winmail.dat
3178 Approx - Debian package proxy/cacher howto
3180 % apt-get install approx
3181 % echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf
3184 Add your new approx to sources.list
3187 deb http://localhost:9999/debian unstable main contrib non-free
3189 use approx in grml-debootstrap like:
3190 % grml-debootstrap -r squeeze -t /dev/sda1 -m http://127.0.0.1:9999/debian
3192 Simple webserver with python:
3194 % python -m SimpleHTTPServer
3196 Upgrade only packages from the grml-stable Debian repository:
3198 echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list
3199 apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update
3202 Install Centos into a directory:
3204 % febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/
3206 Install Fedora into a directory:
3208 % febootstrap fedora-11 target_directory
3210 Use Nessus / OpenVAS (remote network security auditor):
3212 Install software packages:
3214 # apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg
3219 Start openvas server (takes a while):
3220 # Start openvas-server
3222 Invoke client as user:
3225 Find packages not available from any active apt repository:
3227 % apt-show-versions | awk '/No available version in archive/{print $1}'
3229 Simple mailserver with python:
3231 % python -m smtpd -n -c DebuggingServer localhost:1025
3235 echo $USER | nc $HOST 79
3237 Install Archlinux using Grml:
3239 https://wiki.archlinux.org/index.php/Install_from_Existing_Linux
3241 wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh
3243 Export blockdevices via AoE (ATA over Ethernet):
3245 % vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1
3247 Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1
3248 via eth0, using the shelf and slot numbers 160 and 2. These numbers are
3249 arbitrary but should be unique within the network.
3251 A word of warning: AoE is prone to all kind of nasty ethernet attacks,
3252 especially arp spoofing. Do not use in hostile networks.
3254 Tags: aoe, blockdevice, export, server
3256 Access blockdevices via AoE (ATA over Ethernet):
3260 and the device should show up under /dev/etherd/. If your shelf and
3261 slot numbers re 160 and 2 the device will be /dev/etherd/e160.2
3263 A word of warning: AoE is prone to all kind of nasty ethernet attacks,
3264 especially arp spoofing. Do not use in hostile networks.
3266 Tags: aoe, blockdevice, export, client