Release new version 0.7.3

[grml-tips.git] / grml_tips

Configure network:

# grml-network

Tags: configuration, network
-- 
Deactivate error correction of zsh:

% NOCOR=1 zsh

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration
-- 
Disable automatic setting of title in GNU screen:

% NOPRECMD=1 zsh

Set it manually e.g. via:

% screen -X title foobar

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration
-- 
Do not use menu completion in zsh:

% NOMENU=1 zsh

Run zsh-help for more information regarding zsh.

Tags: zsh, configuration
-- 
Run GNU screen with grml-configuration:

% grml-screen

or

% screen -c /etc/grml/screenrc

Tags: screen, configuration
-- 
Print out grml-version:

% grml-version

Tags: grml
-- 
Configure mutt:

% grml-mutt

Tags: mutt
-- 
Use encrypted files / partitions:

# grml-crypt <options>

Usage example:

Initialize:

# grml-crypt format /mnt/external1/encrypted_file /mnt/test
# cp big_file /mnt/test
# grml-crypt stop /mnt/test

Use:

# grml-crypt start /mnt/external1/encrypted_file /mnt/test
# grml-crypt stop /mnt/test

See: man grml-crypt

Tags: crypto, grml-crypt, dmcrypt, luks
-- 
Change resolution of X:

% xrandr -s '1024x768'

Tags: x11, xorg, resolution
-- 
Change resolution of framebuffer:

# fbset 800x600-60

Tags: resolution
-- 
Configure newsreader slrn:

% grml-slrn

Tags: slrn
-- 
Configure grml system:

# grml-config

Or directly run scripts:

# grml-config-root
% grml-config-user

Tags: grml, configuration
-- 
Lock screen (X / console):

% grml-lock

Press ctrl-alt-x to lock a GNU screen session.

Tags: grml, lock, grml-lock, screen
-- 
Change wallpaper in X:

% grml-wallpaper <press-tab>

Tags: grml, wallpaper
-- 
Start X window system (XFree86 / Xorg / X.org):

% grml-x $WINDOWMANAGER

Usage examples:

% grml-x fluxbox
% grml-x -mode '1024x768' fluxbox
% grml-x -nosync

Tags: grml-x, x11, xorg, graphic
-- 
Collect hardware information:

% grml-hwinfo

or run as root to collect some more information:

# grml-hwinfo

will generate a file named info.tar.bz2.

Tags: grml, hardware, hwinfo, collect
-- 
Configure hardware detection features of harddisk installation:

# grml-autoconfig

or manually edit /etc/grml/autoconfig[.small]

See: man grml-autoconfig

Tags: grml, installation, configuration
-- 
Bootoptions / cheatcodes / bootparams for booting grml:

On the grml-ISO if not running grml:
% less /cdrom/GRML/grml-cheatcodes.txt

When running grml:
% most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz

Tags: grml, cheatcodes, boot, bootoptions, bootparam
-- 
Report bugs to Debian's Bug Tracking System (BTS):

% reportbug --bts debian

or adjust /etc/reportbug.conf to your needs.

See:

  http://grml.org/bugs/
  http://www.debian.org/Bugs/

Tags: bug, reportbug, bts, debian
-- 
Offline documentation:

% grml-info

Online documentation:

  http://grml.org/faq/
  http://grml.org/docs/
  http://wiki.grml.org/doku.php

Tags: info, grml, grml-info, documentation
-- 
Mount NTFS partition (read-write):

# mount.ntfs-3g /dev/sda1 /mnt/sda1

Tags: ntfs, mount
-- 
Overwrite specific file on an NTFS partition:

ntfscp /dev/hda1 /tmp/file_source path/to/file_target
-- 
Resize an NTFS partition:

# ntfsresize ..

Usage example:

ntfsresize -n -s 10G /dev/hda1 # testcase
ntfsresize -s 10G /dev/hda1    # testing was successfull, now really resize partition
cfdisk /dev/hda   # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS)

Tags: ntfs, resize, ntfsresize
-- 
Modify resolution for intel graphic chipsets:

# 915resolution ..

Usage example:

# 915resolution 4d 1400 1050
-- 
Connect bluetooth mouse:

# bt-hid start

... and press 'connect' button on your bluetooth device.
-- 
Connect bluetooth headset:

# bt-audio start

... and press 'connect' button on your bluetooth device.
-- 
Secure delete file / directory / partition:

# wipe -kq /dev/hda1

See: man wipe

Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/

Tags: delete, secure, wipe, shred
-- 
Development information regarding grml:

  http://blog.grml.org/

Tags: blog, grml, developmnet
-- 
Contact Grml team:

#grml on irc.freenode.org - http://grml.org/irc/
http://grml.org/contact/

Tags: contact, irc, freenode, email
-- 
Join the grml mailinglist:

http://grml.org/mailinglist/

Tags: grml, mailinglist
-- 
Help us - donate!

http://grml.org/donations/

Tags: grml, donation
-- 
Commercial support / system administration / adjusted live-cds:

grml-solutions: http://grml.org/solutions/

Tags: grml, commercial, customize
-- 
Information regarding the kernel provided by grml:

  http://grml.org/kernel/

Tags: documentation, grml, kernel
-- 
SMTP command-line test tool:

% swaks <options>

Usage example:

% swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE

See: man swaks

Tags: swak, smtp, test
-- 
NTFS related packages:

scrounge-ntfs
salvage-ntfs
ntfsprogs

Tags: utils, ntfs
-- 
Modify service through init script:

# Start ssh
# Stop samba
# Restart apache
# Reload postfix
# service gpm start
# /etc/init.d/lvm start

Tags: init, script, start, stop
-- 
Test joystick:

# jstest /dev/input/js0
-- 
Play movie:

% mplayer /path/to/movie

Tags: movie, mplayer
-- 
Use webcam with mplayer:

% mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0

Tags: webcam, mplayer
-- 
Powerful network discovery tool:

# scapy

Tags: network, python, tool
-- 
Grab an entire CD and compress it to Ogg/Vorbis,
MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format:

% abcde

Tags: rip, abcde, mp3, transcode, audio
-- 
Show a console session in several terminals:

% gems
-- 
Switch behaviour of caps lock key:

% caps-ctrl
-- 
grep with Perl-compatible regular expressions:

% pcregrep
-- 
ncp: a fast file copy tool for LANs

Local (send file):
% npush file_to_copy

Remote (receive file):
% npoll

Tags: copy, file, network
-- 
utility for sorting records in complex ways:

% msort
-- 
a smaller, cheaper, faster SED implementation:

% minised
-- 
zsh tips:

% man zsh-lovers

See: http://grml.org/zsh/
-- 
zsh reference card for grml system:

http://grml.org/zsh/
/usr/share/doc/grml-docs/zsh/grml-zsh-refcard.pdf.gz
-- 
Multiple rename:

% for i in foo* ; do mv "$i" "bar${i/foo}" ; done
% qmv foo*
% prename 's/foo/bar/' foo*
% mmv "foo*"   "bar#1"
% zmv 'foo(*)' 'bar$1'
-- 
Test TFT / LCD display:

% lcdtest
-- 
Test sound:

% soundtest
-- 
Improved grep version:

% glark
-- 
Grep with highlighting:

% grep --color=auto ...
% hgrep ...

Tags: grep, color, highlight
-- 
Extract matches when grepping:

Usage examples:
% ifconfig | grepc 'inet addr:(.*?)\s'
% ifconfig | glark --extract-matches 'inet addr:(.*?)\s'
-- 
Output text as sound:

% say 'ghroummel'
% xsay            # when running X and text selected via mouse
-- 
Get information on movie files:

% tcprobe -i file.avi
-- 
Get an overview of your image files:

% convert 'vid:*.jpg' thumbnails.jpg
-- 
List all standard defines:

% gcc -dM -E - < /dev/null
-- 
Send a mail as reminder:

echo "mail -s 'check TODO-list' $MAILADDRESS < /dev/null" | at 23:42
-- 
ncurses-based presentation tool:

% tpp

See: man tpp and /usr/share/doc/tpp/examples/
-- 
Use ICQ / Jabber / Yahoo! / AIM / MSN /... on command line:

% centericq
-- 
Use IRC on command line:

% irssi
-- 
Diff / merge files:

% vimdiff file1 file2

Re-diffing:

:diffupdate

Moving between diffs:

[c
]c

Synchronizing:

:diffget
:diffput
-- 
Hardware monitoring without kernel dependencies:

% mbmon
-- 
Install grml-iso to usb-stick:

% grml2usb grml.iso /mount/point

Tags: usbpen, usbstick, installation, grml2usb
-- 
Use mplayer on framebuffer console:

% mplayer -vo fbdev ...
-- 
Use links2 on framebuffer console:

% links2 -driver fb ...
-- 
Switch language / keyboard:

* use the bootparam lang to set language environment ($LANG, $LC_ALL, $LANGUAGE)
* use the bootparams keyboard / xkeyboard to activate specific keyboard layout
  Usage example: 'grml lang=us keyboard=de xkeyboard=de'

Or run one of the following commands:

% grml-lang de
or
# loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console
% setxkbmap de                                      # X11

Tags: language, keyboard, configuration
-- 
Switch setting of caps-control key (switch between ctrl + shift) on keyboard:

# caps-ctrl
-- 
Mount usb device / usb stick:

% mount /mnt/external1   # corresponds to /dev/sda1
or
% mount /mnt/external    # corresponds to /dev/sda
-- 
Install Sun Java packages:

Download j2re.bin-file from http://java.sun.com/downloads/index.html and run

# apt-get install java-package
# fakeroot make-jpkg j2re-*.bin
# dpkg -i sun-j2re*.deb
# update-alternatives --config java
-- 
Improved dd version:

ddrescue is an improved version of dd which tries to read and
if it fails it will go on with the next sectors, where tools
like dd will fail.

% ddrescue ...

See: man ddrescue
-- 
How to make an audio file (e.g. Musepack format) out of a DVD track:

% mkfifo /tmp/fifo.wav
% mppenc /tmp/fifo.wav track06.mpc &
% mplayer -vo null -vc null -ao pcm:fast:file=/tmp/fifo.wav -dvd-device /dev/dvd dvd://1 -chapter 6-6

Adjust the mppenc line with the encoder you would like to use,
for example 'oggenc -o track06.ogg /tmp/fifo.wav' for ogg files.

Alternative:

% mplayer -vo null -dumpaudio -dumpfile track06.raw -aid N -dvd-device /dev/dvd dvd://1 -chapter 6-6
to extract audio without processing, where 'N' is the corresponding audio channel (see 'man mplayer')

Usage example for getting a PCM/wave file from audio channel 128:
% mplayer -vo null -vc null -ao pcm:fast:file=track06.wav -aid 128 -dvd-device /dev/dvd dvd://6
-- 
Create simple chroot:

# make_chroot_jail $USERNAME
-- 
Convert DOS formated file to unix format:

sed 's/.$//'    dosfile > unixfile       # assumes that all lines end with CR/LF
sed 's/^M$//'   dosfile > unixfile       # in bash/tcsh, press Ctrl-V then Ctrl-M
sed 's/\x0D$//' dosfile > unixfile       # gsed 3.02.80, but top script is easier
awk '{sub(/\r$/,"");print}'              # assumes EACH line ends with Ctrl-M
gawk -v BINMODE="w" '1' infile >outfile  # in DOS environment; cannot be done with
                                         # DOS versions of awk, other than gawk
tr -d \r < dosfile > unixfile            # GNU tr version 1.22 or higher
tr -d '\015' < dosfile > unixfile        # use octal value for "\r" (see man ascii)
tr -d '[\015\032]' < dosfile > unixfile  # sometimes ^Z is appended to DOS-files
vim -c ":set ff=unix" -c ":wq" file      # convert using vim
vim -c "se ff=dos|x" file                # ... and even shorter ;)
recode ibmpc..lat1 file                  # convert using recode
echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile

Tags: windows, line, convert, recode, tr, line end,
-- 
Save live audio stream to file:

% mplayer -ao pcm:file=$FILE $URL
-- 
Save live stream to file:

% mplayer -dumpfile $FILE -dumpstream $STREAM

or

% mencoder mms://$URL -o $FILE -ovc copy -oac copy

or

% mimms mms://file.wmv
-- 
Merge video files:

AVI:

% avimerge -i *.avi -o blub.avi

MPEG:

% cat *.mpg > blub.mpg

WMV:

% mencoder file1.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file1.avi
% mencoder file2.wmv -ovc lavc -oac lavc -ofps 25 -srate 48000 -mc 0 -noskip -forceidx -o file2.avi
% avimerge -i file1.avi file2.avi -o blub.avi
-- 
Display MS-Word file:

% strings file.doc | fmt | less

or

% antiword file.doc
-- 
Convert MS-Word file to postscript:

% antiword -p a4 file.doc > file.ps
-- 
Convert manual to postscript:

% zcat /usr/share/man/man1/zsh.1.gz | groff -man > zsh.1.ps
or
% man -t zsh > zsh.ps
-- 
Read BIOS:

% dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8
-- 
Read HTTP via netcat:

echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80
-- 
Get X ressources for specific program:

% xrdb -q |grep -i xterm
-- 
Get windowid of specific X-window:

% xwininfo -int | grep "Window id:" | cut -d ' ' -f 4
-- 
Get titel of specific X-window:

% xprop WM_CLASS
-- 
check locale - LC_MESSAGES:

% locale -ck LC_MESSAGES
-- 
Create random password:

% pwgen
or
% dd if=/dev/urandom bs=14 count=1 | hexdump | cut -c 9-
-- 
Get tarballs of various Linux Kernel trees:

% ketchup 2.6
to get the current stable 2.6 release

% ketchup -l
to get a list of all supported trees
-- 
Transfer your SSH public key to another host:

% ssh-keygen   # ssh-keygen / ssh-key-gen: if you don't have a key yet
[...]
% ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
or
% cat $HOME/.ssh/id_rsa.pub  | ssh user@remote-system 'cat >> .ssh/authorized_keys'

Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen
-- 
Fetch and potentially change SCSI device parameters:

# sdparm /dev/sda

See: man sdparm
-- 
reclaim disk space by linking identical files together:

% dupmerge...
-- 
Find and remove duplicate files:

% dupseek ...
-- 
Perform layer 2 attacks:

# yersinia ...

Tags: network, attack, security
-- 
rootsh
-- 
Guess PC-type hard disk partitions / partition table:

# gpart <options>

Perform a standard scan:
# gpart /dev/ice

Write back the guessed table:
# gpart -W /dev/ice /dev/ice

Tags: partition, recovery, disk
-- 
Develop, test and use exploit code with the Metasploit Framework:

cd /tmp
wget http://spool.metasploit.com/releases/framework-3.2.tar.gz
unp framework-3.2.tar.gz
cd framework-3.2
./msfcli
-- 
Useful documentation:

% w3m   /usr/share/doc/Debian/reference/reference.en.html
or
% xpdf =(zcat /usr/share/doc/Debian/reference/reference.en.pdf.gz)

http://grml.org/docs/           grml Documentation
http://wiki.grml.org/           grml Wiki
http://www.debian.org/doc/      Debian Documentation
http://wiki.debian.org/         Debian Wiki
http://www.gentoo.org/doc/en/   Gentoo Documentation
http://gentoo-wiki.com/         Gentoo Wiki
http://www.tldp.org/            The Linux Documentation Project

Tips and tricks:

% fortune debian-hints

Tags: documentation
-- 
Fun stuff:

% fortune debian-hints
% dpkg -L funny-manpages
-- 
Backup master boot record (MBR):

# dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1

Tags: backup, mbr
-- 
Backup partition table:

# sfdisk -d /dev/hda > hda.out

Restore partition table:

# sfdisk /dev/hda < hda.out

Tags: backup, partition, sfdisk, recovery
-- 
Clone disk via network using netcat:

Listener:
# nc -vlp 30000 > hda1.img
Source:
# dd if=/dev/hda1 | nc -vq 0 192.168.1.2 30000

Adjust blocksize (dd's option bs=...) and include 'gzip -c'
to tune speed:

# dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000

Tags: network, backup, dd, netcat
-- 
Backup specific directories via cpio and ssh:

# for f in directory_list; do find $f >> backup.list done
# cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"

Tags: backup
-- 
Clone disk via ssh:

This one uses CPU cycles on the remote server to compare the files:
# ssh target_address cat remotefile | diff - localfile
# cat localfile | ssh target_address diff - remotefile

This one uses CPU cycles on the local server to compare the files:
# ssh target_address cat <localfile "|" diff - remotefile

Tags: network, backup, ssh
-- 
Useful tools for cloning / backups:

* dd: convert and copy a file
* dd_rescue: copies data from one file (or block device) to another
* pcopy: a replacement for dd
* partimage: back up and restore disk partitions
* dirvish: Disk based virtual image network backup system
* devclone: in-place filesystem conversion -- device cloning
* ntfsclone: efficiently clone, image, restore or rescue an NTFS
* dump: ext2/3 filesystem backup
* udpcast: multicast file transfer tool
* cpio: copy files to and from archives
* pax: read and write file archives and copy directory hierarchies
* netcat / ssh / tar / gzip / bzip2: additional helper tools

Tags: network, backup, ssh, udp, rescue, recovery
-- 
Use grml as a rescue system:

Different tools:

  * dd: convert and copy a file
  * ddrescue: copies data from one file or block device to another
  * partimage: Linux/UNIX utility to save partitions in a compressed image file
  * cfdisk: Partition a hard drive
  * nparted: Newt and GNU Parted based disk partition table manipulator
  * parted-bf: The GNU Parted disk partition resizing program, small version
  * testdisk: Partition scanner and disk recovery tool
  * gpart: Guess PC disk partition table, find lost partitions

ext2/ext3:

  * e2fsprogs: ext2 file system utilities and libraries
  * e2tools: utilities for manipulating files in an ext2/ext3 filesystem
  * e2undel: Undelete utility for the ext2 file system
  * ext2resize: an ext2 filesystem resizer
  * recover: Undelete files on ext2 partitions

ReiserFS/Reiser4:

  * reiser4progs: administration utilities for the Reiser4 filesystem
  * reiserfsprogs: User-level tools for ReiserFS filesystems

XFS:

  * xfsdump: Administrative utilities for the XFS filesystem
  * xfsprogs: Utilities for managing the XFS filesystem

JFS:

  * jfsutils: utilities for managing the JFS filesystem

NTFS:

  * ntfsprogs: tools for doing neat things in NTFS partitions from Linux
  * salvage-ntfs: free NTFS data recovery tools
  * scrounge-ntfs: data recovery program for NTFS file systems
  * ntfsresize: resize ntfs partitions

Tags: ntfs, jfs, xfs, ext3, rescue, recovery, backup, filesystem, tools
-- 
Get ASCII value of a character with zsh:

% char=N ; print $((#char))
-- 
Convert a collection of mp3 files to wave or cdr using zsh:

% for i (./*.mp3){mpg321 --w - $i > ${i:r}.wav}
-- 
Convert images (foo.gif to foo.png) using zsh:

% for i in **/*.gif; convert $i $i:r.png
-- 
Remove all "non txt" files using zsh:

% rm ./^*.txt
-- 
Remote Shell Using SSH:

remote host:
% ssh -NR 3333:localhost:22 user@yourhost

local host:
% ssh user@localhost -p 3333

Tags: port forwarding, ssh, remote port, network
-- 
Reverse Shell with Netcat:

local host:
% netcat -v -l -p 3333 -e /bin/sh

remote host:
% netcat 192.168.0.1 3333

TagS: port forwarding, ssh, remote, network
-- 
Reverse Shell via SSH:

local host (inside the network):
% ssh -NR 1234:localhost:22 remote_host

remote host (outside the network):
% ssh localhost -p 1234

Tags: port forwarding, ssh, remote port, network
-- 
Remove empty directories with zsh:

% rmdir ./**/*(/od) 2> /dev/null
-- 
Find all the empty directories in a tree with zsh:

% ls -ld *(/^F)
-- 
Find all files without a valid owner and change ownership with zsh:

% chmod user /**/*(D^u:${(j.:u:.)${(f)"$(</etc/passwd)"}%%:*}:)
-- 
Display the 5-10 last modified files with zsh:

% print -rl -- /path/to/dir/**/*(D.om[5,10])
-- 
Find and list the ten newest files in directories and subdirs (recursive) with zsh:

% print -rl -- **/*(Dom[1,10])
-- 
Find most recent file in a directory with zsh:

% setopt dotglob ; print directory/**/*(om[1])
-- 
Tunnel all traffic through an external server:

% ssh -ND 3333 username@external.machine

Then set the SOCKS4/5 proxy to localhost:3333.
Check whether it's working by surfing e.g. to checkip.dyndns.org

Tags: ssh, network, proxy, socks, tunnel
-- 
Tunnel everything through SSH via tsocks:

set up the SSH proxy on the client side:

% ssh -ND 3333 user@remote.host.example.com

Adjust /etc/tsocks.conf afterwards (delete all other lines):

server = 127.0.0.1
server_port = 3333

For programs who natively support proxying connections (e.g. Mozilla
Firefox) you can now set the proxy address to localhost port 3333.

All other programs which's connections you want to tunnel through your
external host are prefixed with tsocks, e.g.:

% tsocks netcat example.com 80
% tsocks irssi -c irc.quakenet.eu.org -p 6667

If you call tsocks without parameters it executes a shell witht the
LD_PRELOAD environment variable already set and exported.

Tags: ssh, network, proxy, socks, tunnel, tsocks
-- 
smartctl - control and monitor utility for harddisks using Self-Monitoring,
Analysis and Reporting Technology (SMART):

# smartctl --all /dev/ice

If you want to use smartctl on S-ATA (sata) disks use:

# smartctl -d ata --all /dev/sda

Start offline test:
# smartctl -t offline /dev/ice

Start short test:
# smartctl -t short /dev/ice

Display results of test:
# smartctl -l selftest /dev/ice

Query device information:
# smartctl -i /dev/ice

Tags: smart, s.m.a.r.t, info, test, hardware
-- 
Mount a BSD / Solaris partition:

# mount -t ufs -o ufstype=ufs2 /dev/hda1 /mnt/hda1

Use ufstype 44bsd  for FreeBSD, NetBSD, OpenBSD (read-write).
Use ufstype ufs2   for >= FreeBSD 5.x (read-only).
Use ufstype sun    for SunOS (Solaris) (read-write).
Use ufstype sunx86 for SunOS for Intel (Solarisx86) (read-write).

See /usr/share/doc/linux-doc-$(uname -r)/Documentation/filesystems/ufs.txt.gz
for more details.

Tags: ufs, bsd, mount, solaris
-- 
Read BIOS (and or BIOS) password:

# dd if=/dev/mem bs=512 skip=2 count=1 | hexdump -C | head
-- 
Clone one of the kernel trees via git:

 git clone rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This path defines the tree. See http://kernel.org/git/ for an overview.
-- 
Mount filesystems over ssh protocol:

% sshfs user@host:/remote_dir /mnt/test

Unmount via:

% fusermount -u /mnt/test

(Notice: requires fuse kernel module)

Tags: ssh, sshfs, network, mount, directory, remote, fuse
-- 
Install Gentoo using grml:

See http://www.gentoo.org/doc/en/altinstall.xml
-- 
Convert files from Unicode / UTF-8 to ISO:

% iconv -c -f utf8 -t iso-8859-15 < utffile > isofile

and vice versa:

% iconv -f iso-8859-15 -t utf8 < isofile > utffile

Tags: utf-8, iso, unicode, utf8
-- 
Assign static setup for network cards (NICs) via udev:

Retrieve information for address (corresponding to MAC address):

  # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}'

Execute /lib/udev/write_net_rules with according values (INTERFACE
is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR
is the MAC address retrieved with udevadm info command):

  # INTERFACE=eth0 INTERFACE_NAME=lan0  MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules

This will generate file /etc/udev/rules.d/70-persistent-net.rules with content:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0"

Finally take down the interface (ifdown/ifconfig) and execute:

  # udevadm trigger --action=add --subsystem-match=net

so the interface will be renamed. (Rebooting or
unloading drivers/restart udev/loading drivers again
works as well of course.)

Tags: udev, configuration, name, eth0, howto
-- 
Change the suffix from *.sh to *.pl using zsh:

% autoload zmv
% zmv -W '*.sh' '*.pl'
-- 
Generate SSL certificate:

Create self signed certificate (adjust /etc/ssl/openssl.cnf if necessary):
# openssl req -x509 -newkey rsa:1024 -keyout keyfile -out certfile -days 9999 -nodes

Check certfile:
# openssl x509 -in certfile -text

Verify against CA certificate:
# openssl verify -CAfile cacert.crt -verbose -purpose sslserver

Generate 2048bit RSA-key:
# openssl req -new -x509 -keyout pub-sec-key.pem -out pub-sec-key.pem -days 365 -nodes

As before but add request to existing key pub-sec-key.pem:
# openssl req -new -out request.pem -keyin pub-sec-key.pem

Show request request.pem:
# openssl req -text -noout -in request.pem

Verify signature of request request.pem:
# openssl req -verify -noout -in request.pem

Generate SHA1 fingerprint (modulo key) of request.pem:
# openssl req -noout -modulus -in request.pem | openssl sha1 -c

Generate 2048bit RSA-key and put it to pub-sec-key.pem. Save self signed certificate in self-signed-certificate.pem:
# openssl req -x509 -days 365 -newkey rsa:2048 -out self-signed-certificate.pem -keyout pub-sec-key.pem

As before but create self signed certificate based on existing key pub-sec-key.pem:
# openssl req -x509 -days 365 -new -out self-signed-certificate.pem -key pub-sec-key.pem

Generate new request out of existing self signed certificate:
# openssl x509 -x509toreq -in self-signed-certificate.pem -signkey pub-sec-key.pem -out request.pem

Display certificate self-signed-certificate.pem in plaintext:
# openssl x509 -text -noout -md5 -in self-signed-certificate.pem

Check self signed certificate:
# openssl verify -issuer_checks -CAfile self-signed-certificate.pem self-signed-certificate.pem

Estable OpenSSL-connection using self-signed-certificate.pem and display certificate:
# openssl s_client -showcerts -CAfile self-signed-certificate.pem -connect www.example.com:443

Generate ssl-certificate for use with apache2:

export RANDFILE=/dev/random
mkdir /etc/apache2/ssl/
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
chmod 600 /etc/apache2/ssl/apache.pem

Also take a look at make-ssl-cert (debconf wrapper for openssl):

# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem

and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/).

Tags: openssl, howto
-- 
Change Windows NT password(s):

# mount -o rw /mnt/hda1
# cd /mnt/hda1/WINDOWS/system32/config/
# chntpw SAM SECURITY system

Notice: if mounting the partition read-write did not work (check syslog!)
try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1

(Be careful with deactivating syskey!)

Tags: password, windows, recovery, chntpw, howto
-- 
glark - replacement for grep written in Ruby:

A replacement for (or supplement to) the grep family, glark offers:
Perl compatible regular expressions, highlighting of matches,
context around matches, complex expressions and automatic exclusion
of non-text files.

Usage examples:

% glark -y keyword file      # display only the region that matched, not the entire line
% glark -o format print *.h  # search for either "printf" or "format"

More information: man glark
-- 
Find CD burning device(s):

General information on CD-ROM:
% cat /proc/sys/dev/cdrom/info

Scan using ATA Packet specific SCSI transport:
# cdrecord -dev=ATA -scanbus
# cdrecord-prodvd -s -scanbus dev=ATA

Get specific information for /dev/ice:
# cdrecord dev=/dev/ice -scanbus

Tags: hardware, info, cd burn
-- 
Create devices in /dev on udev:

For example create md devices (/dev/md0, /dev/md1,...):
# cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md

Tags: raid, device
-- 
Identify network device (NIC):

# ethtool -i $DEVICE

Show NIC statistics:

# ethtool -S $DEVICE

If your NIC shows some aging signs, you may want to be sure:

# ethtool -t $DEVICE

Disable TCP/UDP checksums:

# ethtool -K $DEVICE tx off

Tags: configuration, network, device
-- 
grml2hd seems to hang? Getting Squashfs errors? Problems while booting?

Switch to tty12 and take a look at the syslog. If you see something like:

  SQUASHFS error: zlib_fs returned unexpected result 0x........
  SQUASHFS error: Unable to read cache block [.....]
  SQUASHFS error: Unable to read inode [.....]

your ISO/CD-ROM very probably is not ok. Verify it via booting with grml testcd.
Check your CD low-level via running:

# readcd -c2scan dev=/dev/cdrom

If the medium really is ok and it still fails try to boot with deactivated DMA
via using grml nodma at the bootprompt.

Tags: grml2hd, installation, verify, squashfs, error
-- 
Write a Microsoft compatible boot record (MBR) using ms-sys

Write a Windows 2000/XP/2003 MBR to a device:

# ms-sys -m /dev/ice

Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo:

 wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz
 unp ms-sys-2.1.3.tgz
 cd ms-sys-2.1.3
 make
 ./bin/ms-sys ...

Tags: mbr, windows, ms-sys, recovery
-- 
Use a Vodafone 3G Datacard (UMTS) with Linux:

Plug in your vodafone card and check in syslog whether the appropriate
(probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run:

# comgt -d $DEVICE
# wvdial --config /etc/wvdial.conf.umts $PROFILE

Usage examples:
# comgt -d /dev/ttyUSB0
# wvdial --config /etc/wvdial.conf.umts a1usb

# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts tmnozomi

# comgt -d /dev/noz0
# wvdial --config /etc/wvdial.conf.umts dreiusb

# comgt -d /dev/ttyACM0
# wvdial --config /etc/wvdial.conf.umts yesss

If you receive invalid DNS nameservers when connecting, like:

[...]
--> primary   DNS address 10.11.12.13
--> secondary DNS address 10.11.12.14

just provide a working nameserver to resolvconf via:

# echo "nameserver 80.120.17.70" | resolvconf -a ppp0

Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on
your grml system), some other ones require the sierra driver (run
'modprobe sierra').

If your device isn't supported by usbserial yet, manually provide vendor and
product ID when loading the usbserial module. Usage example:

% lsusb
[...]
Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc.

# modprobe usbserial vendor=0x1199 product=0x6813

To get a list of available providers execute:

# comgt -s -d /dev/ttyUSB0 /etc/comgt/operator

Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto
-- 
hdparm - get/set hard disk parameters

Display the identification info that was obtained from the drive at boot time,
if available:
# hpdarm -i /dev/ice

Request identification info directly from the drive:
# hpdarm -I /dev/ice

Perform timings of device + cache reads for benchmark and comparison purposes:
# hdparm -tT /dev/ice

Tags: hardware, performance, configuration, harddisk
-- 
bonnie++ - program to test hard drive performance.

# mkdir /mnt/benchmark
# mount /dev/ice /mnt/benchmark
# chmod go+w /mnt/benchmark
# bonnie -u grml -d /mnt/benchmark -s 2000M

Tags: benchmark, harddisk
-- 
Use gizmo with a bluetooth headset:

% DEVICE="/dev/dsp$(awk '/- BT Headset/ {print $1}' /proc/asound/cards)"
% gizmo --mic $DEVICE --speaker $DEVICE
-- 
Scan a v4l device for TV stations:

% scantv -c /dev/video0 -C /dev/vbi0 -o ~/.xawtv

Then running xawtv should work:

% xawtv
-- 
Run apt-get with timeout of 3 seconds:

# apt-get -o acquire::http::timeout=3  update

Tags: apt-get
-- 
Debian GNU/Linux device driver check page

% $BROWSER http://kmuto.jp/debian/hcl/index.cgi
-- 
Use dd with status line:

# dd if=/dev/ice conv=noerror,notrunc,sync | buffer -S 100k | dd of=/tmp/file
-- 
Generate a 512k file of random data with status bar:

% dd if=/dev/random bs=1024 count=512 | bar -s 512k -of ./random
-- 
Install Grub instead of lilo on grml installation (grml2hd):

install grml:
# grml2hd ....

adjust grub's configuration file menu.lst:
# $EDITOR /boot/grub/menu.lst

now install grub (usage example for /dev/sda1):
# grub install
root (hd0,0)
setup (hd0)

Tags: grml2hd, grub
-- 
Install Ubuntu using grml:

See https://wiki.ubuntu.com/Installation/FromKnoppix

Tags: ubuntu, installation
-- 
Resize ext2 / ext3 partition:

# tune2fs -O '^has_journal' /dev/iceX # disable journaling
# fsck.ext2 -v -y -f /dev/iceX        # check the filesystem
# resize2fs -p /dev/iceX  $SIZE       # resize it (adjust $SIZE)
# fdisk /dev/ice                      # adjust partition in partition table
# fsck.ext2 -v -y -f /dev/iceX        # check filesystem again
# resize2fs -p /dev/iceX              # resize it to maximum
# tune2fs -j /dev/iceX                # re-enable journal

Tags: resize, ext2, ext3, ext4, partition, howto
-- 
Tune ext2 / ext3 filesystem:

Check partition first:

# tune2fs -l /dev/iceX

If you don't see dir_index in the list, then enable it:

# tune2fs -O dir_index /dev/iceX

Now run e2fsck with the -D option to have the directories optimized:

# e2fsck -D /dev/iceX

Notice: since e2fsprogs (1.39-1) filesystems are created with
directory indexing and on-line resizing enabled by default.

Tags: configuration, ext2, ext3, ext4, partition
-- 
Search for printers via network:

# pconf_detect -m NETWORK -i 192.168.0.1/24

Tags: printer, network, scan
-- 
Mount a remote directory via webdav (e.g. Mediacenter of GMX):

# mount -t davfs https://mediacenter.gmx.net/ /mnt/test

Tags: webdav, mount, mediacenter, gmx
-- 
System-Profiling using oprofile:

Prepare setup:

# opcontrol --reset
# opcontrol --setup --no-vmlinux --event=CPU_CLK_UNHALTED:500000:0:1:1 --separate=library

Start logging:
# opcontrol --start

Now $DO_SOME_TASKS...

Stop logging:
# opcontrol --shutdown

Then take a look at the reports using something like e.g.:
# opreport -t 0.5 --exclude-dependent
# opreport -t 0.5 /path/to/executable_to_check
# opannotate -t 0.5 --source --assembly

Tags: profile, profiling, opcontrol, howto
-- 
Install ATI's fglrx driver for Xorg / X.org:

Usually there already exist drivers for the grml-system:
# apt-get update ; apt-get install fglrx-driver fglrx-kernel-`uname -r`

After installing adjust xorg.conf via running:
# aticonfig --initial --input=/etc/X11/xorg.conf

For more information take a look at http://wiki.grml.org/doku.php?id=ati

Tags: xorg, x11, driver, ati
-- 
Install nvidia driver for Xorg / X.org:

Usually there already exist drivers for the grml-system:
# apt-get update ; apt-get install nvidia-glx nvidia-kernel-`uname -r`

Then switch from module nv to nvidia:

# sed -i 's/Driver.*nv.*/Driver      "nvidia"/' /etc/X11/xorg.conf

Tags: xorg, x11, driver, nvidia
-- 
glxgears - a GLX demo that draws three rotating gears

To print frames per second (fps) use:
% glxgears -printfps

Tags: xorg, x11, glx,
-- 
You forgot to boot with 'grml noeject noprompt' to avoid
ejecting and prompting for CD removal when rebooting/halting
the system?

Either run:

# noeject reboot

or:

# noeject halt

If you want to avoid only the prompting part, run:

# noprompt reboot

or:

# noprompt halt

Tags: bootparam, fix, grml
-- 
Mount wikipedia local via fuse:

Adjust configuration:
% cat ~/.wikipediafs/config.xml
<wfs-config>
    <general>
       <article-cache-time>300</article-cache-time>
    </general>
    <sites>
      <site>
        <dirname>wikipedia-de</dirname>
        <host>de.wikipedia.org</host>
        <basename>/w/index.php</basename>
      </site>
      <site>
        <dirname>wikipedia-en</dirname>
        <host>en.wikipedia.org</host>
        <basename>/w/index.php</basename>
      </site>
    </sites>
</wfs-config>

Mount it (/wiki must exist of course):
% mount.wikipediafs /wiki
% cat /wiki/wikipedia-en/Cat

Unmount via:
% fusermount -u /wiki

Tags: fuse, wikipedia, mount
-- 
Remote notification on X via osd (on screen display):

Start osd_server.py at your local host (listens on port 1234 by default):
% osd_server.py

Then login to a $REMOTEHOST
% ssh -R 1234:localhost:1234 $REMOTEHOST

Now send the text to your local display via running something like:
% echo "text to send" | nc localhost 1234

Very useful when you are waiting for a long running job
but want to do something else in the meanwhile:

% ./configure && make && echo "finished compiling" | netcat localhost 1234

You can use this in external programs as well of course. Examples:

Use osd in centericq:

% cat ~/.centericq/external
[...]
%action osd notify
event msg
proto all
status all
options nowait
%exec
#!/bin/bash
if [ -x /usr/bin/socat -a -x /bin/netcat ] ; then
  CONTACT_CUSTOM_NICK=$(cat ${CONTACT_INFODIR}/info | head -n 46 | tail -n 1)
  osd_msg="*** CenterICQ: new ${EVENT_NETWORK} ${EVENT_TYPE} from ${CONTACT_CUSTOM_NICK} ***"
  if echo | socat - TCP4:localhost:1234 &>/dev/null ; then
    echo "${osd_msg}" | netcat localhost 1234
  fi
fi

Use it in the IRC console client irssi via running:

/script load osd.pl

You can even activate the port forwarding by default globally:

% cat ~/.ssh/config
[...]
Host *
RemoteForward 1234 127.0.0.1:1234
ForwardAgent yes

Notice: if you get 'ABORT: Requested font not found' make sure the
requested font is available, running 'LANG=C LC_ALL=C osd_server.py...'
might help as well.

Tags: osd, notification, ssh, network, port-forwarding
-- 
Avoid automatical startup of init scripts via invoke-rc.d:

First of all make sure the package policyrcd-script-zg2 (which
provides the /usr/sbin/policy-rc.d interface) is installed.

In policyrcd-script-zg2's configuration file named
/etc/zg-policy-rc.d.conf the script /usr/sbin/grml-policy-rc.d is
defined as the interface for handling invoke-rc.d's startup policy.

grml-policy-rc.d can be configure via /etc/policy-rc.d.conf.  By
default you won't notice any differences to Debian's default
behaviour, except that invoke-rc.d won't be executed if a chroot has
been detected (detection: /proc is missing).

If you want to disable automatical startup of newly installed packages
(done via the invoke-rc.d mechanism) just set EXITSTATUS to '101' in
/etc/policy-rc.d.conf.

To restore the default behaviour set EXITSTATUS back to '0' in
/etc/policy-rc.d.conf.

Tags: policy, init, script, invode-rc.d
-- 
Install VMware-Tools for grml:

First of all make sure a CD-ROM device in VMware is available.

Mount the CD-ROM device to /mnt/cdrom, then unpack and install
the tools running:

cd /tmp
unp /mnt/cdrom/vmware-linux-tools.tar.gz
cd vmware-tools-distrib
./vmware-install.pl

/etc/init.d/networking stop
rmmod pcnet32
rmmod vmxnet
depmod -a
modprobe vmxnet
/etc/init.d/networking start

In an X terminal, launch the VMware Tools running:

vmware-toolbox

Tags: vmware, tool, vmware-toolbox, howto
-- 
Some important Postfix stuff

List mail queue:

# mailq
or
# postqueue -p

Send all messages in the queue:

# postqueue -f

Send all messages in the queue for a specific site:

# postqueue -s site

Delete a specific message
# postsuper -d 12345678942

Deletes all messages held in the queue for later delivery
# postsuper -d ALL deferred

Mail queues in postfix:

    incoming -> mail who just entered the system
    active   -> mail to be delivered
    deferred -> mail to be delivered later because there were problems
    hold     -> mail that should not be delivered until released from hold

For configuration of postfix take a look at
/etc/postfix/master.cf  - man 5 master
/etc/postfix/main.cf    - man 5 postconf
and http://www.postfix.org/documentation.html.
-- 
File permissions

mode 4000 - set user ID (suid):

- for executable files: run as the user who owns the file, instead of the
  user who runs the file
- for directories: not used

mode 2000 - set group ID (guid):

- for executable files: run as the group who owns the file, instead of the
  group of the user who runs the file
- for directories: when a file is created inside the directory, it belongs
  to the group of the directory instead of the default group of the user who
  created the file

mode 1000 - sticky bit:

- for files: not used
- for directories: only the owner of a file can delete or rename the file

Tags: postix, mailq, postsuper, queue, delete, smtp
-- 
Create MySQL database

# apt-get install mysql-client mysql-server

Run 'mysql' as root - create a database with:

create database grml

Give a user access to the database (without password):

grant all on grml.* to mika;

Give a user access to the database (with password):

grant all on grml.* to enrico identified by "PASSWORD";

Tags: mysql, database
-- 
Setup an HTTPS website:

Create a certificate:

# mkdir /etc/apache2/ssl
# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Create a virtual host on port 443:

<VirtualHost www.foo.invalid:443>
[...]
</VirtualHost>

Enable SSL in the VirtualHost:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

Enable listening on the HTTPS port (/etc/apache2/ports.conf):

Listen 443

and make sure the SSL module is used:

# a2enmod ssl

Tags: ssl, https, configuration, apache
-- 
Useful Apache / Apache2 stuff

Check configuration file via running:

# apache2ctl configtest

Enable a site:

# a2ensite sitename

Enable a module

# a2enmod modulename

Tags: apache, configuration
-- 
Create tar archive and store it on remote machine:

% tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz"

Tags: tar, backup, remote, network, ssh
-- 
Pick out and displays images from network traffic:

# driftnet

Tags: remote, network, sniff, image
-- 
Install Flash plugin:

# dpkg-reconfigure flashplugin-nonfree

Tags: flash, plugin
-- 
To test a proxy, low level way:

% telnet proxy 8080
[...]
GET http://www.google.com HTTP/1.0 [press enter twice]

Tags: proxy
-- 
Adjust system for use of qemu with kqemu:

Make sure you have all you need:
# aptitude update ; aptitude install qemu kqemu-modules-$(uname -r)

Then set up kqemu:

modprobe kqemu
mknod /dev/kqemu c 250 0
chmod 666 /dev/kqemu
chmod 666 /dev/net/tun

Check kqemu support via starting qemu, press
Ctrl-Alt-2 and entering 'info kqemu'.
-- 
(High-Load) Debugging related tools:

mpstat  # report processors related statistics
iostat  # report CPU statistics and input/output statistics for devices and partitions
vmstat  # report virtual memory statistics
slabtop # display kernel slab cache information in real time
atsar   # system activity report
dstat   # versatile tool for generating system resource statistics

Usage examples:

# mpstat -P ALL
# iostat -x 1
# iostat -xtc 5 3
# vmstat 1
# atsar -t 60 10
# dstat -af

Tags: test, debug, information, hardware, statistic
-- 
Using WPA for network setup manually:

# wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf

Adjust the options and configuration file to your needs.
Also take a look at 'grml-network'.

Tags: wireless, wpa, network, configuration
-- 
Start X and lock console via exiting:

% startx 2>~/.xsession-errors &| exit

Tags: xorg, x11, startx, graphical
-- 
Which process is writing to disk and/or causes the disk to spin up?

First of all use lsof to check what's going on. Does not help? ->

# echo 1 > /proc/sys/vm/block_dump

The command sets a sysctl to cause the kernel to log all disk
writes. Please notice that there is a lot of data.  So please
disable syslogd/syslog-ng before you do this, or you must make
sure that kernel output is not logged.

When you're done, disable block dump using:
# echo 0 > /proc/sys/vm/block_dump

Alternative:
laptop-mode-tools provides a tool named lm-profiler (laptop mode profiler)
which handles block_dump on its own.

See: $KERNEL-SOURCE/Documentation/laptop-mode.txt

Also take a look at event-viewer(8) which is part of grml-debugtools.

Tags: debug, device, block, partition
-- 
Install initrd via initramfs-tools for currently running kernel:

# update-initramfs -c -t -k $(uname -r)

Tags: initrd
-- 
Install initrd via yaird for currently running kernel:

# yaird -o /boot/initrd.img-$(uname -r)

Install initrd via yaird for specific kernel:

# mount /proc
# mount /sys
# yaird -o /boot/initrd.img-2.6.15-1-686 2.6.15-1-686
-- 
Reinstall package with its original configuration files:

# apt-get install --reinstall -o DPkg::Options::=--force-confmiss -o \
  DPkg::Options::=--force-confnew package
-- 
grml 0.8 funkenzutzler - rt2x00 drivers:

To avoid conflicts with the other rt2x00-drivers the package rt2x00 (which
includes beta-version drivers) is not installed by default. If you want to
use the kernel modules rt2400pci, rt2500pci, rt2500usb, rt61pci and/or
rt73usb please install the package manually running:

# dpkg -i /usr/src/rt2x00-modules-*.deb
-- 
Use Java with jikes and jamvm on grml:

Simple demo:

% cp /usr/share/doc/grml-templates/template.java .
% jikes template.java
% jamvm HelloWorld

Notice that grml exports $JIKESPATH (/usr/share/classpath/glibj.zip),
so you do not have to manually run
jikes --bootclasspath /usr/share/classpath/glibj.zip
-- 
Online resizing of (Software-)RAID5:

# Initiate a RAID5 setup for testing purposes:
mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda1 /dev/hdb1 /dev/hdd1

# Create filesystem, mount md0, create a testfile and save md5sum for
# later check:
mkfs.ext3 /dev/md0
mount /dev/md0 /mnt/test
dd if=/dev/urandom of=/mnt/test/dd bs=512 count=10000
md5sum /mnt/test/dd > md5sum

# Make sure the RAID is synched via checking:
cat /proc/mdstat

# Now remove one partition:
mdadm /dev/md0 --fail /dev/hdd1 --remove /dev/hdd1

# Delete partition, create a new + bigger one and set partition type to fd
# (Linux raid autodetect):
cfdisk /dev/hdd

# And re-add the partition:
mdadm -a /dev/md0 /dev/hdd1

# Make sure the RAID is synched via checking:
cat /proc/mdstat

# Repeat the steps for all other disks/partitions as well:
mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
cfdisk /dev/hdb
mdadm -a /dev/md0 /dev/hdb1
cat /proc/mdstat
mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1
cfdisk /dev/hda
mdadm -a /dev/md0 /dev/hda1
cat /proc/mdstat

# Now resize the RAID5 system online [see 'man mdadm' for details]:
mdadm --detail /dev/md0 | grep -e 'Array Size' -e 'Device Size'
mdadm --grow /dev/md0 -z max
mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size'

# Last step - resize the filesystem (online again):
resize2fs /dev/md0

Tags: raid, resize, raid5, mdadm
-- 
ext3 online resizing:

Starting with Linux kernel 2.6.10 you can resize ext3 online.  With
e2fsprogs >=1.39-1 new filesystems are created with directory indexing and
on-line resizing enabled by default (see /etc/mke2fs.conf).

Demo:

cfdisk /dev/hda                           # create a partition with type 8e (lvm)
pvcreate /dev/hda2                        # create a physical volume
vgcreate vg0 /dev/hda2                    # create volume group
lvcreate -n resize_me -L1G vg0            # create a logical volume
mkfs.ext3 /dev/mapper/vg0-resize_me       # now create a new filesystem
mount /dev/mapper/vg0-resize_me /mnt/test # mount the new fs for demonstrating online resizing
df -h                                     # check the size of the partition
lvextend -L+2G /dev/mapper/vg0-resize_me  # let's extend the logical volume
resize2fs -p /dev/mapper/vg0-resize_me    # and finally resize the filesystem
df -h                                     # recheck the size of the partition

This also works for Software-RAID. Demo:

mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda2 /dev/hdb1
mkfs.ext3 /dev/md0
mount /dev/md0 /mnt/test
mdadm /dev/md0 --fail /dev/hda2 --remove /dev/hda2
cfdisk /dev/hda                                  # adjust partition size for hda2
mdadm /dev/md0 --add /dev/hda2
mdadm /dev/md0 --fail /dev/hdb1 --remove /dev/hdb1
cfdisk /dev/hdb                                  # adjust partition size for hdb1
mdadm /dev/md0 --add /dev/hdb1
mdadm --grow /dev/md0 --size=max
resize2fs /dev/md0

Notice: online resizing works as soon as the kernel can re-read the
partition table. So it works for example with LVM and SW-RAID but not with
a plain device (/dev/[sh]d*). The kernel does not re-read the partition
table if the device is already mounted.

Tags: resize, raid, lvm, ext2, ext3, ext4, raid1
-- 
Use vim as an outline editor:

% $PAGER /usr/share/doc/vim-vimoutliner/README.Debian
% vim ~/foo.otl
:he vo
-- 
Monitor directories/files for changes using iwatch

Monitor /tmp for changes:
% iwatch /tmp/

Monitor files/directories specified in /etc/iwatch.xml
and send mail on changes:
% iwatch

Tags: inotify, watch, file, directory
-- 
Some often used mdadm commands:

Set up RAID1:
# mdadm --create --verbose /dev/md0 --level=raid1 --raid-devices=2 /dev/hda1 /dev/hdb1

Display details of specific RAID:
# mdadm --detail /dev/md0
# cat /proc/mdstat

Simulating a drive failure by software:
# mdadm --manage --set-faulty /dev/md0 /dev/hda1

Remove disk from RAID:
# mdadm /dev/md0 -r /dev/hda1

Set disk as faulty and remove from RAID:
# mdadm /dev/md0 --fail /dev/hda1 --remove /dev/hda1

Stop a RAID-device:
# mdadm -S /dev/md0

Restart a RAID-device:
# mdadm -R /dev/md0

Add another disk to existing RAID setup (hotadd):
# mdadm /dev/md0 -a /dev/hde1
# mdadm --grow /dev/md0 --raid-devices=4

Assemble and start all arrays:
# mdadm --assemble --scan

Assemble a specific array:
# mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1

Resync:
# mdadm --assemble --run --force --update=resync /dev/md0 /dev/sda1 /dev/sda2

Stop and rebuild:
# mdadm --stop --scan

Scan for and setup arrays automatically:
# mdadm --assemble --scan --auto=yes --verbose

Notice: If the above does not work make sure /etc/mdadm/mdadm.conf contains:
DEVICE partitions
CREATE owner=root group=disk mode=0660 auto=yes
HOMEHOST <system>
MAILADDR root

Running
# /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
might help as well.

Monitoring the sw raid
# nohup mdadm --monitor --mail=root@localhost --delay=300 /dev/md0

Producing /etc/mdadm/mdadm.conf:
# mdadm --detail --scan > /etc/mdadm/mdadm.conf

See also: man mdadm | less -p "^EXAMPLES"
          http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html

Tags: raid, raid1, raid5, configuration, mdadm, howto
-- 
A quick summary of the most commonly used RAID levels:

RAID 0: Striped Set
 => 2 disks each 160 GB: 320 GB data
RAID 1: Mirrored Set
 => 2 disks each 160 GB: 160 GB data
RAID 5: Striped Set with Parity
 => 3 disks each 160 GB: 320 GB data; 160 GB redundancy

Common nested RAID levels:
RAID 01: A mirror of stripes
RAID 10: A stripe of mirrors
RAID 30: A stripe across dedicated parity RAID systems
RAID 100: A stripe of a stripe of mirrors

  -- http://en.wikipedia.org/wiki/RAID

Tags: raid, raid1, raid5, raid01, raid10, raid100
-- 
Logical Volume Management (LVM) with Linux

LVM setup layout:
~~~~~~~~~~~~~~~~~

|    hda1   hdc1      (PV:s on partitions or whole disks)
|       \   /
|        \ /
|       diskvg        (VG)
|       /  |  \
|      /   |   \
|  usrlv rootlv varlv (LV:s)
|    |      |     |
| ext3    ext3  xfs   (filesystems)

Often used commands:
~~~~~~~~~~~~~~~~~~~~

Create a physical volume:
# pvcreate /dev/hda2

Create a volume group:
# vgcreate testvg /dev/hda2

Create a logical volume:
# lvcreate -n test_lv -L100 testvg

Resize a logical volume:
# lvextend -L+100M /dev/resize_me/resize_me
# resize2fs /dev/resize_me/resize_me               # ext2/3
# xfs_growfs  /dev/resize_me/resize_me             # xfs
# resize_reiserfs -f /dev/resize_me/resize_me      # reiserfs online
# mount -o remount,resize /dev/resize_me/resize_me # jfs

Create a snapshot of a logical volume:
# lvcreate -L 500M --snapshot -n mysnap /dev/testvg/test_lv

Deactivate a volume group:
# vgchange -a n my_volume_group

Actually remove a volume group:
# vgremove my_volume_group

Display information about physical volume:
# pvdisplay /dev/hda1

Remove physical volume:
# vgreduce my_volume_group /dev/hda1

Remove logical volume:
# umount /dev/myvg/homevol
# lvremove /dev/myvg/homevol

See also: man lvm
          http://www.tldp.org/HOWTO/LVM-HOWTO/

Tags: lvm, howto, pvcreate, lvcreate
-- 
How to use APT locally

Sometimes you have lots of packages .deb that you would like to use APT to
install so that the dependencies would be automatically solved. Solution:

mkdir debs
dpkg-scanpackages debs /dev/null | gzip > debs/Packages.gz
echo "  deb file:/root debs/" >> /etc/apt/sources.list
dpkg-scansources debs | gzip > debs/Sources.gz
echo "  deb-src file:/root debs/" >> /etc/apt/sources.list

See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html

Tags: mirror, local
-- 
Check filesystem's LABEL:

generic way:
# blkid /dev/sda1

ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep "Filesystem volume name"

xfs without blkid:
# xfs_admin -l /dev/sda1

reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i label

jfs without blkid:
# jfs_tune -l /dev/sda1 | grep -i label

reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i label

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label
-- 
Check filesystem's UUID:

generic way:
# blkid /dev/sda1

ext2/3 without blkid:
# dumpe2fs /dev/sda1 | grep -i UUID

xfs without blkid:
# xfs_admin -u /dev/sda1

reiserfs without blkid:
# debugreiserfs /dev/sda1 | grep -i UUID

reiser4 without blkid:
# debugfs.reiser4 /dev/sda1 | grep -i UUID

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid
-- 
Change a filesystem's LABEL:

swap:
# mkswap -L $LABEL /dev/sda1

ext2/ext3:
# e2label /dev/sda1 $LABEL
# tune2fs -L $LABEL /dev/sda1

reiserfs:
# reiserfstune -l $LABEL /dev/sda1

jfs:
# jfs_tune -L $LABEL /dev/sda1

xfs:
# xfs_admin -L $LABEL /dev/sda1

fat/vfat:
# echo 'drive i: file="/dev/sda1"' >> ~/.mtoolsrc
# mlabel -s i:$LABEL

ntfs:
# ntfslabel $LABEL /dev/sda1

Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs
-- 
Disable pdiffs feature of APT:

Permanent:
# echo 'Acquire::PDiffs "false";' >> /etc/apt/apt.conf

Temporary:
# apt-get update -o Acquire::Pdiffs=false
-- 
Backup big devices or files and create compressed splitted
image chunks of it using zsplit

Create backup of /dev/sda named archiveofsda_#.spl.zp in directory
/mnt/sda1/backup, split the files up into chunks of 1GB each and set
read/write buffer to 256kB:
# zsplit -b 256 -N archiveofsda -o /mnt/sda1/backup/ -s 1G /dev/sda

Restore the backup using unzsplit:
# unzsplit -D /dev/sda -d archiveofsda

More usage examples: man zsplit + man unzsplit

Tags: backup, reocvery, spllt, limit, howto
-- 
Measure network performance using iperf:

Server side:
% iperf -s -V

Client side:
% iperf -c <server_address> -V

or

Server with 128k TCP window size:
% iperf -s -w128k

Client with running for 60 seconds and bidirectional test:
% iperf -c <server_address> -r -w128k -t60

Tags: network, benchmark
-- 
Framebuffer resolutions:

                              Resolution in pixels
Color depth      |   640x480      800x600      1024x768      1280x1024
256        (8bit)|     769          771           773           775
32000     (15bit)|     784          787           790           793
65000     (16bit)|     785          788           791           794
16.7 Mill.(24bit)|     786          789           792           795

vga=0x... modes:

  Mode 0x0300: 640x400 (+640), 8 bits
  Mode 0x0301: 640x480 (+640), 8 bits
  Mode 0x0303: 800x600 (+800), 8 bits
  Mode 0x0303: 800x600 (+832), 8 bits
  Mode 0x0305: 1024x768 (+1024), 8 bits
  Mode 0x0307: 1280x1024 (+1280), 8 bits
  Mode 0x030e: 320x200 (+640), 16 bits
  Mode 0x030f: 320x200 (+1280), 24 bits
  Mode 0x0311: 640x480 (+1280), 16 bits
  Mode 0x0312: 640x480 (+2560), 24 bits
  Mode 0x0314: 800x600 (+1600), 16 bits
  Mode 0x0315: 800x600 (+3200), 24 bits
  Mode 0x0317: 1024x768 (+2048), 16 bits
  Mode 0x0318: 1024x768 (+4096), 24 bits
  Mode 0x031a: 1280x1024 (+2560), 16 bits
  Mode 0x031b: 1280x1024 (+5120), 24 bits
  Mode 0x0330: 320x200 (+320), 8 bits
  Mode 0x0331: 320x400 (+320), 8 bits
  Mode 0x0332: 320x400 (+640), 16 bits
  Mode 0x0333: 320x400 (+1280), 24 bits
  Mode 0x0334: 320x240 (+320), 8 bits
  Mode 0x0335: 320x240 (+640), 16 bits
  Mode 0x0336: 320x240 (+1280), 24 bits
  Mode 0x033c: 1400x1050 (+1408), 8 bits
  Mode 0x033d: 640x400 (+1280), 16 bits
  Mode 0x033e: 640x400 (+2560), 24 bits
  Mode 0x0345: 1600x1200 (+1600), 8 bits
  Mode 0x0346: 1600x1200 (+3200), 16 bits
  Mode 0x034d: 1400x1050 (+2816), 16 bits
  Mode 0x035c: 1400x1050 (+5632), 24 bits

Tags: framebuffer, resolution
-- 
Portscan using netcat:

# netcat -v -w2 <host|ip-addr.> 1-1024
-- 
Run apt-get but disable apt-listchanges:

APT_LISTCHANGES_FRONTEND=none apt-get ...

Upgrade system but disable apt-listbugs:

APT_LISTBUGS_FRONTEND=none apt-get ...
-- 
Set up a Transparent Debian Proxy

Install of apt-cacher, the default config will do:
# apt-get install apt-cacher

Check out the ip address of debian mirror(s).
Then add this to your firewall script:

DEBIAN_MIRRORS="141.76.2.4 213.129.232.18"
for ip in ${DEBIAN_MIRRORS} ; do
  ${IPTABLES} -t nat -A PREROUTING -s $subnet -d $ip -p tcp --dport 80 -j REDIRECT --to-port 3142
done

where ${IPTABLES} is the location of your iptables binary
and $subnet is your internal subnet.

Now everybody in your subnet who does access either
ftp.de.debian.org or ftp.at.debian.org will actually
access your apt-cacher instead.

To use apt-cacher on the router itself, add the following
line to your /etc/apt/apt.conf:

Acquire::http::Proxy "http://localhost:3142/";

Tags: proxy, debian, apt-get, howto
-- 
Version control using Mercurial

Setting up a Mercurial project:

% cd project
% hg init           # creates .hg
% hg add            # add all files
% hg commit         # commit all changes, edit changelog entry

Branching and merging:

% hg clone linux linux-work  # create a new branch
% cd linux-work
<make changes>
% hg commit
% cd ../linux
% hg pull ../linux-work     # pull changesets from linux-work
% hg merge                  # merge the new tip from linux-work into
                            # (old versions used "hg update -m" instead)
                            # our working directory
% hg commit                 # commit the result of the merge

Importing patches:

% cat ../p/patchlist | xargs hg import -p1 -b ../p

Exporting a patch:

(make changes)
% hg commit
% hg tip
1234:af3b5cd57dd5
% hg export 1234 > foo.patch    # export changeset 1234

Export your current repo via HTTP with browsable interface:

% hg serve -n "My repo" -p 80

Pushing changes to a remote repo with SSH:

% hg push ssh://user@example.com/~/hg/

Merge changes from a remote machine:

host1% hg pull http://foo/
host2% hg merge # merge changes into your working directory

Set up a CGI server on your webserver:
% cp hgwebdir.cgi ~/public_html/hg/index.cgi
% $EDITOR ~/public_html/hg/index.cgi # adjust the defaults
-- 
Download binary codecs for mplayer:

# /usr/share/mplayer/scripts/win32codecs.sh

or

# /usr/share/mplayer/scripts/binary_codecs.sh install

(depending on the mplayer version you have).

To play encrypted DVDs and if you are living in a country where using
libdvdcss code is not illegal can install Debian package libdvdread3
and use the script /usr/share/doc/libdvdread3/install-css.sh.
-- 
Read manpages of uninstalled packages with debman:

% debman -p git-core git
-- 
Test network performance using netperf:

Server:
# netserver

Client:
# netperf -t TCP_STREAM -H 192.168.0.41

Tags: benchmark, network
-- 
Setup Xen within 20 minutes on Debian/grml

Install relevant software und update grub's menu.lst (Xen does not work with
usual lilo so install grub instead if not done already):

apt-get install linux-image-2.6.18-1-xen-686 xen-hypervisor-3.0.3-1-i386 \
                 xen-utils-3.0.3-1 xen-tools bridge-utils
update-grub

Example for installation of Debian etch as DomU:

mkdir /mnt/md1/xen
xen-create-image --debootstrap --dir=/mnt/md1/xen --size=2Gb --memory=512Mb --fs=ext3 \
   --cache=yes --dist=etch --hostname=xengrml1 --ip 192.168.1.2 --netmask 255.255.255.0 \
  --gateway 192.168.1.1 --initrd=/boot/initrd.img-2.6.18-1-xen-686 \
  --kernel=/boot/vmlinuz-2.6.18-1-xen-686 --mirror=http://ftp.at.debian.org/debian/

Start services:

/etc/init.d/xend start
/etc/init.d/xendomains start

Setup a bridge for network, either manually:

brctl addbr xenintbr
brctl stp xenintbr off
brctl sethello xenintbr 0
brctl setfd xenintbr 0
ifconfig xenintbr 192.168.1.1 netmask 255.255.255.0 up

or via /etc/network/interfaces (run ifup xenintbr to bring up the device then
without rebooting):

auto xenintbr
iface xenintbr inet static
  pre-up brctl addbr xenintbr
  post-down brctl delbr xenintbr
  address 192.168.1.1
  netmask 255.255.255.0
  bridge_fd 0
  bridge_hello 0
  bridge_stp off

Setup forwarding (adjust $PUBLIC_IP; for permanet setup use /etc/sysctl.conf and
add the iptables commands to a startup script like /etc/init.d/rc.local):

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to $PUBLIC_IP
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $PUBLIC_IP

Adjust network configuration of Xend:

cat >> /etc/xen/xend-config.sxp << EOF
(network-script    network-route)
(vif-bridge        xenintbr)
(vif-script        vif-bridge)
EOF

List domains, start up a DomU, shutdown later again:

xm create -c /etc/xen/xengrml1.cfg
xm list
xm shutdown 1

This HowTo is also available online at http://grml.org/xen/

Tags: howto, xen, grml
-- 
Play tetris with zsh:

autoload -U tetris
zle -N tetris
bindkey "^Xt" tetris

Now press 'ctrl-x t'.
-- 
Set up a router with grml

Run grml-router script:
# grml-router

Install dnsmasq if not already present:
# apt-get update ; apt-get install dnsmasq

Adjust /etc/dnsmasq.conf according to your needs:
# cat >> /etc/dnsmasq.conf << EOF
domain-needed
bogus-priv
dhcp-range=19.168.0.124,192.168.0.254,1m # dhcp range
dhcp-option=3,192.168.0.1   # dns server
dhcp-option=1,255.255.255.0 # netmask
EOF

Start dnsmasq finally:
# Restart dnsmasq

Tags: network, router, grml
-- 
Display stats about memory allocations performed by a program:

Usage example for 'ls':

% LD_PRELOAD=/lib/libmemusage.so ls > /dev/null
-- 
Use KVM (Kernel-based Virtual Machine for Linux):

Make sure to install the relevant tools:
# apt-get update ; apt-get install kvm
# modprobe kvm

Test it with a minimal system like ttylinux:
# wget http://www.minimalinux.org/ttylinux/packages/bootcd-i386-5.3.iso.gz
# gzip -d bootcd-i386-5.3.iso.gz
# kvm -cdrom bootcd-i386-5.3.iso
-- 
EEPROM data decoding for SDRAM DIMM modules:

# modprobe eeprom
# /usr/share/doc/lm-sensors/examples/eeprom/decode-dimms.pl
-- 
Set up and use DVB:

Make sure your device is supported by Linux and running.
See http://www.linuxtv.org/ for more details.

If the DVB device works on your system (see 'hwinfo --usb'
when using a DVB usb device for example), then make sure you
have the scan util from dvb-utils available:

# aptitude install dvb-utils

Then create a channels.conf configuration file:

% scan /usr/share/doc/dvb-utils/examples/scan/... > ~/.mplayer/channels.conf

You can find some example configuration files on
your grml system in ~/.channels. Usage example:

% ln -s ~/.mplayer/channels.conf-AT-graz ~/.mplayer/channels.conf

Tip: w_scan (see http://free.pages.at/wirbel4vdr/w_scan/index2.html)
might be useful if you do not know the initial configuration
details.
-- 
Get the lastest mercurial snapshot:

Make sure you have the python-dev package available:
# apt-get update ; apt-get install python-dev

Get and build the source:
% hg clone http://selenic.com/repo/hg mercurial
% cd mercurial
% make local
% export PYTHONPATH=$(pwd)
% export PATH=$PATH:$(pwd)

now you should have the newest version of mercurial whenever you execute hg.

To update to the lastest development snapshot, additionally use
the following commands:
% hg pull -u http://hg.intevation.org/mercurial/crew
% make local
-- 
Configure timezone
==================

Available bootoptions relevant in live-cd mode:
-----------------------------------------------

* utc: set UTC, if your system clock is set to UTC (GMT)
* gmt: set UTC, if your system clock is set to UTC (GMT) [like bootoption utc]
* tz=$option: set timezone to corresponding $option, usage example:
  tz=Europe/Vienna

Configuration options relevant on harddisk installation:
--------------------------------------------------------

* Use the tzconfig utility to set the local timezone:

  # tzconfig

  which adjusts /etc/timezone and /etc/localtime according
  to the provided information. Running:

  # dpkg-reconfigure tzdata

  might be useful as well.

* /etc/default/rcS: set variable UTC according to your needs,
  whether your system clock is set to UTC (UTC='yes') or
  not (UTC='no')

* /etc/localtime: adjust zoneinfo according to your needs:

  # ln -sf /usr/share/zoneinfo/$WHATEVER_YOU_WANT /etc/localtime

  The zoneinfo directory contains the time zone files that were
  compiled by zic. The files contain information such as rules
  about DST. They allow the kernel to convert UTC UNIX time into
  appropriate local dates and times. Use the zdump utility to
  print current time and date (in the specified time zone).

* /etc/adjtime: This file is used e.g. by the adjtimex function,
  which can smoothly adjust system time while the system runs

* If you change the time (using 'date --set ...', ntpdate,...)
  it is worth setting also the hardware clock to the correct time:

  # hwclock --systohc [--utc]

  Remember to add the --utc -option if the hardware clock is set
  to UTC!

Still problems?
---------------

Check your current settings via:

  cat /etc/timezone
  zdump /etc/localtime
  echo $TZ
  hwclock --show
  grep hwclock /etc/runlevel.conf
  grep '^UTC' /etc/default/rc

Further information:
--------------------

  hwclock(8) tzselect(1) tzconfig(8)
  http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html
  http://wiki.debian.org/TimeZoneChanges

Tags: timezone, rtc, configuration
-- 
Recorder shellscript session using script:

% script -t 2>~/upgrade.time -a ~/upgrade.script
% scriptreplay ~/upgrade.time ~/upgrade.script
-- 
Test UTF-8 capabilities of terminal:

wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz
zcat UTF-8-demo.txt.gz

or:

wget http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
cat UTF-8-test.txt
-- 
UTF-8 at grml / some general information regarding Unicde/UTF-8:

  http://wiki.grml.org/doku.php?id=utf8
-- 

This allows one ssh connection attepmt per minute per source ip, with a initial
burst of 10.  The available burst is like a counter which is initialised with
10. Every connection attempt decrements the counter, and every minute where the
connection limit of one per minute is not overstepped the counter is
incremented by one.  If the burst counter is exhausted the real rate limit
comes into play. This gives you 11 connectionattepmts in the first minute
before blocked for 10minutes.  After 10 minutes block the game restarts.

Hint: you could set the burst value to 5 and the block time to only 5 minutes
to achive the same average connection rate but with halve the block time.

iptables -A inet_in -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh \
         --hashlimit 1/minute \ --hashlimit-burst 10 --hashlimit-mode srcip   \
         --hashlimit-htable-expire 600000 -j ACCEPT
iptables -A inet_in -p tcp --dport 22 -m state --state NEW -j REJECT
-- 
Tunnel a specific connection via socat:

On the client:
% socat TCP4-LISTEN:8003 TCP4:gateway:500

On the gateway:
# socat TCP4-LISTEN:500,fork TCP4:target:$PORT

Using localhost:8003 on the client uses the tunnel now.
-- 
Set date:

# date --set=060916102007

where the bits are month(2)/day(2)/hour(2)/minute(2)/year(4)

Set date using a relative date:

# date -s '+3 mins'

or

# date -s '+tomorrow'

Display a specific relative date:

# date -d '+5 days -2 hours'

Don't forget to set hardware clock via:

# hwlock -w
-- 
Booting grml via network / PXE:

Start grml-terminalserver on a system with network access
and where grml is running:

# grml-terminalserver

Then booting your client(s) via PXE should work without
any further work.

See: man grml-terminalserver + http://grml.org/terminalserver/

Tags: howto, pxe, network, boot
-- 
Debugging SSL communications:

% openssl s_client -connect server.adress:993 > output_file
% openssl x509 -noout -text -in output_file

or

# ssldump -a -A -H -i eth0

See http://prefetch.net/articles/debuggingssl.html for more details.

Tags: debug, ssl, openssl
-- 
Remove bootmanager from MBR:

# lilo -M /dev/hda -s /dev/null

Tags: mbr, lilo
-- 
Rewrite grub to MBR:

# mount /mnt/sda1
# grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda

Tags: mbr, grub
-- 
Rewrite lilo to MBR:

# mount /mnt/hda1
# lilo -r /mnt/hda1

Tags: mbr, lilo
-- 
Create screenshot of plain/real console - tty1:

# fbgrab -c 1 screeni.png
-- 
Create screenshot when running X:

% scrot

Tip: use the gkrellshoot plugin when using gkrellm

Tags: screenshot, xorg
-- 
Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are
different networks:

Run the following commands on hostA:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB
iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA

Tags: howto, network, redirect, port
-- 
Flash BIOS without DOS/Windows:

Dump flash info and set the flash chip to writable:
# flashrom

Backup the original BIOS:
# flashrom -r backup.bin

Notice: the following step will overwrite your current BIOS!
So make sure you really know what you are doing.

Flash the BIOS image:
# flashrom -wv newbios.bin

Also check out LinuxBIOS: http://linuxbios.org/
-- 
Enable shadow passwords:

# shadowconfig on
-- 
Set up an IPv6 tunnel on grml:

# ipv6-tunnel start
-- 
Set up console newsreader slrn for use with Usenet:

% grml-slrn
-- 
Calculate with IPv6 addresses:

% ipv6calc

For usage examples refer to manpage ipv6calc(8).

Tags: ipv6
-- 
Common network debugging tools for use with IPv6:

% ping6
% tracepath6
% traceroute6
% tracert6
% nc6
% tcpspray6

Tags: ipv6
-- 
Set up NFS (Network File System):

Server-side
~~~~~~~~~~~
Make sure the relevant services are running on the server side:

# /etc/init.d/portmap start
# /etc/init.d/nfs-common start
# /etc/init.d/nfs-kernel-server start

Export shares via /etc/exports:

/backups 192.168.1.100/24(rw,wdelay,no_root_squash,async,subtree_check)

... or manually export a directory running:

# exportfs -o rw,wdelay,no_root_squash,async,subtree_check 192.168.1.100:/backups

and unexport a share running:

# exportfs -u 192.168.1.100:/backups

and every time when you modify /etc/exports file run

# exportfs -ra

Display what NFS components are running:

# rpcinfo -p

Display list of exported shares:

# exportfs -v
or
# showmount -e

Client-side
~~~~~~~~~~~
Make sure the relevant services are running on the client side:

# /etc/init.d/portmap start
# /etc/init.d/nfs-common start

Verify that the server allows you to access its RPC/NFS services:

# rpcinfo -p server_name

Check what directories the server exports:

# showmount -e server_name

On the client side you can use something like the following in /etc/fstab:

192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0

Tags: nfs, howto, network
-- 
Mount a cloop file:

# aptitude install cloop-src
# m-a a-i cloop-src

# modprobe cloop file=/path/to/cloop/file
# mount -r -t iso9660 /dev/cloop /mnt/test
-- 
Create a PS/PDF of a plaintext file:

% a2ps --medium A4dj -E -o output.ps input_file
% ps2pdf output.ps
-- 
Print two pages on one in a PDF file:

% pdfnup --nup 2x1 input.pdf

Concatenate, extract pages/parts, encrypt/decrypt,
compress PDFs using 'pdftk'.
-- 
Read a PS/PDF file on console:

% pstotext file.pdf

or on plain framebuffer console in graphical mode:

% pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png

or

% fbgs file.pdf
-- 
Bypass the password of a PDF file:

% gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit
-- 
Record sound:

% rec test.aiff

This will record a AIFF audio file.
-- 
Change passphrase / password of an existing SSH key:

% ssh-keygen -p
-- 
Enable syntax highlighting in nano:

Just uncomment the include directives for your respective
language at the bottom of the file /etc/nanorc
-- 
Create netboot package for grml-terminalserver:

# bash /usr/share/doc/grml-terminalserver/examples/create-netboot
-- 
To boot grml via network (PXE) check out grml-terminalserver:

# grml-terminalserver

See http://grml.org/terminalserver/ for more details.
-- 
Rotate pictures:

Using the 'Orientation' tag of the Exif header, rotate
the image so that it is upright:
% jhead -autorot *.jpg

Manually rotate a picture:
% convert -rotate 270 input.jpg output.jpg
-- 
Rename files based on the information inside their exif header:

% jhead -n%Y-%m-%d_%Hh%M_%f *.jpg

This will rename a file named img_2071.jpg to something like:

2007-08-17_10h38_img_2071.jpg

if it was shot at 10:38 o'clock on 2007-08-17 (according to
the information inside the exif header).
-- 
Calculate network / netmask:

Usage examples:
% ipcalc 10.0.0.28 255.255.255.0
% ipcalc 10.0.0.0/24
-- 
Blacklist a kernel module:

# blacklist <name_of_kernel_module>

-> running 'blacklist hostap_cs' for example will generate an
entry like this in /etc/modprobe.d/grml:

blacklist hostap_cs
alias hostap_cs off

To remove the module from the blacklist again just invoke:

# unblacklist <name_of_kernel_module>

or manually remove the entry from /etc/modprobe.d/grml.
-- 
Create a Debian package of a perl module:

% dh-make-perl --cpan Acme::Smirch --build
-- 
The Magic SysRq Keys (SysReq or Sys Req, short for System Request):

To reboot your system using the SysRq keys just hold down the Alt and
SysRq (Print Screen) key while pressing the keys REISUB ("Raising
Elephants Is So Utterly Boring").

R = take the keyboard out of raw mode
E = terminates all processes (except init)
I = kills all processes (except init)
S = synchronizes the disk(s)
U = remounts all filesystems read-only
B = reboot the system

Notice: use O instead of B for poweroff.

Or write the sequence to /proc/sysrq-trigger instead:

# for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done

To enable or disable SysRq calls:

# echo 0 > /proc/sys/kernel/sysrq
# echo 1 > /proc/sys/kernel/sysrq

See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details.

Tags: reboot, documentation, sysrq, magic
-- 
Memtest / memcheck:

Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest
with Memtest86+.
-- 
Tunnel TCP-Traffic through DNS using dns2tcp:

Server-side:
~~~~~~~~~~~~
1. Create necessary DNS-Records:
dnstun.example.com.     3600    IN      NS      host.example.com.
dnstun.example.com.     3600    IN      A       192.168.1.1
host.example.com.       3600    IN      A       192.168.1.1

2. Configure dns2tcpd on host.example.com.:
# cat /etc/dns2tcpd.conf 
listen = 192.168.1.1          #the ip dns2tcpd should listen on
port = 53                     #" port " " " "
user = nobody
chroot = /tmp
domain = dnstun.example.com.  # the zone as specified inside dns
ressources = ssh:127.0.0.1:22 # available resources

3. Start the daemon:
# cat > /etc/default/dns2tcp << EOF
# Set ENABLED to 1 if you want the init script to start dns2tcpd.
ENABLED=1
USER=nobody
EOF
# /etc/init.d/dns2tcp start

Client-side:
~~~~~~~~~~~~
You have two possibilities:
- Use the DNS inside your network (DNS must allow resolving for external domains)
# grep nameserver /etc/resolv.conf 
nameserver 172.16.42.1
# dns2tcpc -z dnstun.example.com 172.16.42.1
Available connection(s) : 
        ssh
# dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 &
Listening on port : 2222
# ssh localhost -p 2222
user@host.example.com:~#

- Directly contact the endpoint (port 53 UDP must be allowed outgoing)
# dns2tcpc -z dnstun.example.com dnstun.example.com
Available connection(s) : 
        ssh
# dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com &
Listenning on port : 2222
# ssh localhost -p 2222
user@host.example.com:~#

Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on
localhost:8080 which you can use to tunnel everything through your "dns-uplink".

Tags: howto, network, tunnel
-- 
Configure a MadWifi device for adhoc mode:

Disable the autocreation of athX devices:
# echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi

Remove the autocreated device for now:
# wlanconfig ath0 destroy

Configuration in /etc/network/interfaces:

iface ath0 inet static
  madwifi-base wifi0
  madwifi-mode adhoc
  ...

Hints:
  - Do not use interface names without ending 0 (otherwise startup fails).
  - Only chooss unique names for interfaces.
-- 
Find dangling symlinks using zsh:

% ls **/*(-@)
-- 
Use approx with runit supervision
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install the packages:
# apt-get install approx runit

Add user approxlog for the logging daemon:
# adduser --system --home /nonexistent --no-create-home approxlog

Create config directory:
# mkdir /etc/sv/approx

Use /var/run/sv.approx as supervise directory:
# ln -s /var/run/sv.approx /etc/sv/approx/supervise

# cat > /etc/sv/approx/run << EOF
#!/bin/sh
echo 'approx starting'
exec approx -f 2>&1
EOF

You normally do not need a logging service for approx because it logs
to syslog too. So just for completion:
# mkdir -p /etc/sv/approx/log
# ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise
# cat > /etc/sv/approx/log/run << EOF
#!/bin/sh
set -e
LOG="/var/log/approx"
test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG"
exec chpst -uapproxlog svlogd -tt -v "$LOG"
EOF

Now activate the new approx service (will be started within 5s):
# ln -s /etc/sv/approx/ /var/service/

Make approx managed via runit available via init-script interface:
# dpkg-divert --local --rename /etc/init.d/approx
# ln -s /usr/bin/sv /etc/init.d/approx
-- 
Remote-reboot a grml system using SysRQ via /proc (execute as root):

eject &>/dev/null
umount -l /cdrom
eject /dev/cdrom
echo b > /proc/sysrq-trigger

Tags: reboot, howto, grml, network
-- 
Show what happens on /dev/sda0:

# mount the debugfs to relay kernel info to userspace
mount -t debugfs none /sys/kernel/debug

# is a convenient wrapper arround blktrace and blkparse
btrace /dev/sda0

Tags: debug, block, partition, trace
-- 
Convert Flash to Avi:

% ffmpeg -i input.flv output.avi

Extract MP3 from Flash file:

% for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done
-- 
Usage example for cryptsetup / -luks encrypted partition on LVM:

volume group name:   x61
logical volume name: home

echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab
Start cryptdisks
mount /dev/mapper/grml-crypt_home /mnt/test
-- 
fdisk/parted/... complains with something like
'unable to open /dev/sda - unrecognised disk label'?!

See http://grml.org/faq/#fdisk =>

* use /sbin/fdisk.distrib from util-linux
* switch to sfdisk, cfdisk,...
* use parted's mklabel command (but please read the
  parted manual before executing this command)
-- 
dmraid - support for SW-RAID / FakeRAID controllers
like Highpoint HPT and Promise FastTrack

Activate all software RAID sets discovered:
# dmraid -ay

Deactivates all active software RAID sets:
# dmraid  -an

Discover all software RAID devices supported on the system:
# dmraid -r
-- 
Extract winmail.dat:

List content:
% ytnef winmail.dat

Extract files to current directory:
% ytnef -f . winmail.dat
-- 
Approx - Debian package proxy/cacher howto

% apt-get install approx
% echo 'debian  http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf
% Restart approx

Add your new approx to sources.list

eg.
deb http://localhost:9999/debian  unstable  main contrib non-free

use approx in grml-debootstrap like:
% grml-debootstrap -r squeeze -t /dev/sda1 -m http://127.0.0.1:9999/debian
-- 
Simple webserver with python:

% python -m SimpleHTTPServer
-- 
Upgrade only packages from the grml-stable Debian repository:

echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list
apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update
apt-get upgrade
-- 
Install Centos into a directory:

% febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/
-- 
Install Fedora into a directory:

% febootstrap fedora-11 target_directory
-- 
Use Nessus / OpenVAS (remote network security auditor):

Install software packages:
# apt-get update
# apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg

Add a user:
# openvas-adduser

Start openvas server (takes a while):
# Start openvas-server

Invoke client as user:
% OpenVAS-Client
-- 
Find packages not available from any active apt repository:

% apt-show-versions | awk '/No available version in archive/{print $1}'
-- 
Simple mailserver with python:

% python -m smtpd -n -c DebuggingServer localhost:1025
-- 
finger via netcat:

echo $USER | nc $HOST 79
-- 
Install Archlinux using Grml:

https://wiki.archlinux.org/index.php/Install_from_Existing_Linux
or
wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh
-- 
Export blockdevices via AoE (ATA over Ethernet):

% vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1

Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1
via eth0, using the shelf and slot numbers 160 and 2. These numbers are
arbitrary but should be unique within the network.

A word of warning: AoE is prone to all kind of nasty ethernet attacks,
especially arp spoofing. Do not use in hostile networks.

Tags: aoe, blockdevice, export, server
-- 
Access blockdevices via AoE (ATA over Ethernet):

% sudo aoe-discover

and the device should show up under /dev/etherd/. If your shelf and
slot numbers re 160 and 2 the device will be /dev/etherd/e160.2

A word of warning: AoE is prone to all kind of nasty ethernet attacks,
especially arp spoofing. Do not use in hostile networks.

Tags: aoe, blockdevice, export, client
--