X-Git-Url: http://git.grml.org/?p=grml-tips.git;a=blobdiff_plain;f=grml_tips;h=a1a3808cac6f5fa9464c3f12886bdc24e857f4e2;hp=2d96b61d489d31f9b519dcd4ce194f25fcafd0cc;hb=b5156b2ce9fbb2cd413301f332efa2adec16c3fb;hpb=cb61efe22438483247917bc02f3490ad4d435eb1 diff --git a/grml_tips b/grml_tips index 2d96b61..a1a3808 100644 --- a/grml_tips +++ b/grml_tips @@ -7,6 +7,8 @@ and mbr dialogs inside grml2hd using: # grml2hd /dev/hda1 -mbr /dev/hda See: man grml2hd + http://grml.org/grml2hd/ + +Tags: grml2hd, installation -- Install grml on software RAID level 1: @@ -21,6 +23,8 @@ Finally install grml on it: # SWRAID='mbr-only' grml2hd /dev/md0 -mbr /dev/md0 See: man grml2hd + http://grml.org/grml2hd/ + +Tags: grml2hd, installation, mdadm, raid -- Install grml in non interactive mode with grml2hd: @@ -38,22 +42,22 @@ or run: Use with care and only if you really know what you are doing! See: man grml2hd + http://grml.org/grml2hd/ + +Tags: grml2hd, installation -- Configure network: # grml-network --- -Boot grml via network: - -# grml-terminalserver -See: man grml-terminalserver + http://grml.org/terminalserver/ +Tags: configuration, network -- Deactivate error correction of zsh: % NOCOR=1 zsh Run zsh-help for more information regarding zsh. + +Tags: zsh, configuration -- Disable automatic setting of title in GNU screen: @@ -64,12 +68,16 @@ Set it manually e.g. via: % screen -X title foobar Run zsh-help for more information regarding zsh. + +Tags: zsh, configuration -- Do not use menu completion in zsh: % NOMENU=1 zsh Run zsh-help for more information regarding zsh. + +Tags: zsh, configuration -- Run GNU screen with grml-configuration: @@ -78,24 +86,34 @@ Run GNU screen with grml-configuration: or % screen -c /etc/grml/screenrc + +Tags: screen, configuration -- Print out grml-version: % grml-version + +Tags: grml -- Configure mutt: % grml-mutt + +Tags: mutt -- Configure mutt-ng / muttng: % grml-muttng + +Tags: muttng -- Set up Inode-PPTP connection: # grml-pptp-inode or # grml-pptp-xdsl-students + +Tags: pptp, inode, xdsl -- Set up VPN / WLAN connection at TUG (TU Graz): @@ -109,10 +127,14 @@ Now run the main script: After running the script an init script is available: # /etc/init.d/vpnctug [start|stop] + +Tags: tug -- Set up PPTP connection at VCG (Virtual Campus Graz): # grml-pptp-vcgraz + +Tags: pptp, vcg -- Set up VPN: @@ -123,6 +145,8 @@ Usage example: # grml-vpn -k 2005 add 1000 192.168.20.1 192.168.20.2 See: man grml-vpn + +Tags: grml, vpn, network -- Use encrypted files / partitions: @@ -142,18 +166,26 @@ Use: # grml-crypt stop /mnt/test See: man grml-crypt + +Tags: crypto, grml-crypt, dmcrypt, luks -- Change resolution of X: % xrandr -s '1024x768' + +Tags: x11, xorg, resolution -- Change resolution of framebuffer: # fbset 800x600-60 + +Tags: resolution -- Configure newsreader slrn: % grml-slrn + +Tags: slrn -- Configure grml system: @@ -163,16 +195,22 @@ Or directly run scripts: # grml-config-root % grml-config-user + +Tags: grml, configuration -- Lock screen (X / console): % grml-lock Press ctrl-alt-x to lock a GNU screen session. + +Tags: grml, lock, grml-lock, screen -- Change wallpaper in X: % grml-wallpaper + +Tags: grml, wallpaper -- Start X window system (XFree86 / Xorg / X.org): @@ -183,6 +221,8 @@ Usage examples: % grml-x fluxbox % grml-x -mode '1024x768' wmii % grml-x -nosync wm-ng + +Tags: grml-x, x11, xorg, graphic -- Collect hardware information: @@ -193,6 +233,8 @@ or run as root to collect some more information: # grml-hwinfo will generate a file named info.tar.bz2. + +Tags: grml, hardware, hwinfo, collect -- Configure hardware detection features of harddisk installation: @@ -201,6 +243,8 @@ Configure hardware detection features of harddisk installation: or manually edit /etc/grml/autoconfig[.small] See: man grml-autoconfig + +Tags: grml, installation, configuration -- Bootoptions / cheatcodes / bootparams for booting grml: @@ -209,6 +253,8 @@ On the grml-ISO if not running grml: When running grml: % most /usr/share/doc/grml-docs/grml-cheatcodes.txt.gz + +Tags: grml, cheatcodes, boot, bootoptions, bootparam -- Report bugs to Debian's Bug Tracking System (BTS): @@ -220,6 +266,8 @@ See: http://grml.org/bugs/ http://www.debian.org/Bugs/ + +Tags: bug, reportbug, bts, debian -- Offline documentation: @@ -230,11 +278,15 @@ Online documentation: http://grml.org/faq/ http://grml.org/docs/ http://wiki.grml.org/doku.php + +Tags: info, grml, grml-info, documentation -- Mount ntfs partition (read-write): # modprobe fuse # ntfsmount /dev/hda1 /mnt/hda1 + +Tags: ntfs, mount -- Overwrite specific file on an NTFS partition: @@ -249,6 +301,8 @@ Usage example: ntfsresize -n -s 10G /dev/hda1 # testcase ntfsresize -s 10G /dev/hda1 # testing was successfull, now really resize partition cfdisk /dev/hda # delete partition hda1, create new one with 10000MB and fs-type 07 (NTFS) + +Tags: ntfs, resize, ntfsresize -- Modify resolution for intel graphic chipsets: @@ -277,6 +331,8 @@ Secure delete file / directory / partition: See: man wipe Also take a look at shred(1), sfill(1) and http://dban.sourceforge.net/ + +Tags: delete, secure, wipe, shred -- Use grml on Samsung X20 laptop: @@ -287,27 +343,39 @@ See: http://www.michael-prokop.at/computer/samsung_x20.html Development information regarding grml: http://grml.supersized.org/ + +Tags: blog, grml, developmnet -- Contact grml team: #grml on irc.freenode.org - http://grml.org/irc/ http://grml.org/contact/ + +Tags: contact, irc, freenode, email -- Join the grml mailinglist: http://grml.org/mailinglist/ + +Tags: grml, mailinglist -- Help us - donate! http://grml.org/donations/ + +Tags: grml, dontations -- Commercial support / system administration / adjusted live-cds: grml-solutions: http://grml.org/solutions/ + +Tags: grml, commercial, customize -- Information regarding the kernel provided by grml: http://grml.org/kernel/ + +Tags: documentation, grml, kernel -- SMTP command-line test tool: @@ -318,12 +386,16 @@ Usage example: % swaks -s $MAILSERVER -tlsc -a -au $ACCOUNT -ap $PASSWORD -f $MAILADRESSE -t $MAILADRESSE See: man swaks + +Tags: swak, smtp, test -- NTFS related packages: scrounge-ntfs salvage-ntfs ntfsprogs + +Tags: utils, ntfs -- Modify service through init script: @@ -333,6 +405,8 @@ Modify service through init script: # Reload postfix # service gpm start # /etc/init.d/lvm start + +Tags: init, script, start, stop -- Test joystick: @@ -341,19 +415,27 @@ Test joystick: Play movie: % mplayer /path/to/movie + +Tags: movie -- Use webcam with mplayer: % mplayer tv:// -tv driver=v4l:width=352:height=288:outfmt=yv12:device=/dev/video0 + +Tags: webcam -- Powerful network discovery tool: # scapy + +Tags: network, python, tool -- Grab an entire CD and compress it to Ogg/Vorbis, MP3, FLAC, Ogg/Speex and/or MPP/MP+(Musepack) format: % abcde + +Tags: rip, abcde, mp3, transcode, audio -- Show a console session in several terminals: @@ -374,6 +456,8 @@ Local (send file): Remote (receive file): % npoll + +Tags: copy, file, network -- utility for sorting records in complex ways: @@ -418,6 +502,8 @@ Grep with highlighting: % grep --color=auto ... % hgrep ... + +Tags: grep, color, highlighte -- Extract matches when grepping: @@ -433,6 +519,8 @@ Output text as sound: Adjust a grml harddisk (grml2hd) installation: # grml2hd-utils + +Tags: grml2hd, configuration, installation -- Get information on movie files: @@ -489,6 +577,8 @@ Hardware monitoring without kernel dependencies: Install grml-iso to usb-stick: % grml2usb grml.iso /mount/point + +Tags: usbpen, usbstick, installation, grml2usb -- Use mplayer on framebuffer console: @@ -510,6 +600,8 @@ Or run one of the following commands: or # loadkeys i386/qwertz/de-latin1-nodeadkeys.kmap.gz # console % setxkbmap de # X11 + +Tags: languae, keyboard, configuration -- Switch setting of caps-control key (switch between ctrl + shift) on keyboard: @@ -576,14 +668,20 @@ vim -c ":set ff=unix" -c ":wq" file # convert using vim vim -c "se ff=dos|x" file # ... and even shorter ;) recode ibmpc..lat1 file # convert using recode echo -e "s/\r//g" > dos2unix.sed; sed -f dos2unix.sed < dosfile > unixfile + +Tags: windows, line, convert, recode, tr, line end, -- Save live audio stream to file: -% mplayer -ao pcm:file=$FILE +% mplayer -ao pcm:file=$FILE $URL +-- +Save live stream to file: + +% mplayer -dumpfile $FILE -dumpstream $STREAM or -% mencoder mms://file.wmv -o $FILE -ovc copy -oac copy +% mencoder mms://$URL -o $FILE -ovc copy -oac copy or @@ -629,7 +727,7 @@ Read BIOS: -- Read HTTP via netcat: -echo "GET / HTTP/1.0\r\n\r\n" | netcat $DOMAIN 80 +echo -e "GET / HTTP/1.1\r\nHost: $DOMAIN\r\n\r\n" | netcat $DOMAIN 80 -- Get X ressources for specific program: @@ -663,9 +761,13 @@ to get a list of all supported trees -- Transfer your SSH public key to another host: -% ssh-copy-id -i ~/.ssh/id_dsa.pub user@remote-system +% ssh-keygen # ssh-keygen / ssh-key-gen: if you don't have a key yet +[...] +% ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system or % cat $HOME/.ssh/id_rsa.pub | ssh user@remote-system 'cat >> .ssh/authorized_keys' + +Tags: ssh, ssh key, public key, ssh-copy-id, ssh-keygen -- Update /etc/fstab entries: @@ -692,6 +794,8 @@ Find and remove duplicate files: Perform layer 2 attacks: # yersinia ... + +Tags: network, attack, security -- rootsh -- @@ -704,13 +808,15 @@ Perform a standard scan: Write back the guessed table: # gpart -W /dev/ice /dev/ice + +Tags: partition, recovery, disk -- Develop, test and use exploit code with the Metasploit Framework: cd /tmp -wget http://framework-mirrors.metasploit.com/msf/downloader/framework-3.0.tar.gz -unp framework-3.0.tar.gz -cd framework-3.0 +wget http://spool.metasploit.com/releases/framework-3.2.tar.gz +unp framework-3.2.tar.gz +cd framework-3.2 ./msfcli -- Useful documentation: @@ -730,6 +836,8 @@ http://www.tldp.org/ The Linux Documentation Project Tips and tricks: % fortune debian-hints + +Tags: documentation -- Fun stuff: @@ -739,6 +847,8 @@ Fun stuff: Backup master boot record (MBR): # dd if=/dev/ice of=/tmp/backup_of_mbr bs=512 count=1 + +Tags: backup, mbr -- Backup partition table: @@ -747,6 +857,8 @@ Backup partition table: Restore partition table: # sfdisk /dev/hda < hda.out + +Tags: backup, partition, sfdisk, recovery -- Clone disk via network using netcat: @@ -759,11 +871,15 @@ Adjust blocksize (dd's option bs=...) and include 'gzip -c' to tune speed: # dd if=/dev/hda1 bs=32M | gzip -c | nc -vq 0 192.168.1.2 30000 + +Tags: network, backup, dd, netcat -- Backup specific directories via cpio and ssh: # for f in directory_list; do find $f >> backup.list done # cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device" + +Tags: backup -- Clone disk via ssh: @@ -773,6 +889,8 @@ This one uses CPU cycles on the remote server to compare the files: This one uses CPU cycles on the local server to compare the files: # ssh target_address cat isofile +% iconv -c -f utf8 -t iso-8859-15 < utffile > isofile and vice versa: % iconv -f iso-8859-15 -t utf8 < isofile > utffile + +Tags: utf-8, iso, unicode, utf8 -- -Assign static setup for network cards (eth0 and eth1) via udev: +Assign static setup for network cards (NICs) via udev: -First method - manual: -~~~~~~~~~~~~~~~~~~~~~~ -Get information for SYSFS address: -# udevinfo -a -p /sys/class/net/eth0/ | grep address +Retrieve information for address (corresponding to MAC address): -Then create udev rules: -# cat /etc/udev/network.rules -# match eth* stuff: -KERNEL=="eth*", SYSFS{address}=="00:00:00:00:00:01", NAME="wlan0" -KERNEL=="eth*", SYSFS{address}=="00:00:00:00:00:02", NAME="lan0" -# do not match eth* drivers but also e.g. firewire stuff: -ACTION=="add", SUBSYSTEM=="net", SYSFS{address}=="00:00:00:00:00:03", NAME="1394" + # udevadm info -a -p /sys/class/net/eth0/ | grep -i 'ATTR{address}' -Now activate the rules: -# cd /etc/udev/rules.d/ && ln -s ../network.rules z35_network.rules +Execute /lib/udev/write_net_rules with according values (INTERFACE +is old NIC name, INTERFACE_NAME is new NIC name and MATCHADDR +is the MAC address retrieved with udevadm info command): -Unload the drivers, restart udev and load the drivers again to activate -the settings. + # INTERFACE=eth0 INTERFACE_NAME=lan0 MATCHADDR=00:00:00:00:00:01 /lib/udev/write_net_rules -Second method - automatic: -~~~~~~~~~~~~~~~~~~~~~~~~~~ -Run /lib/udev/write_net_rules shipped with recent udev versions: +This will generate file /etc/udev/rules.d/70-persistent-net.rules with content: -# INTERFACE=wlan1 /lib/udev/write_net_rules 00:00:00:00:00:04 +SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:01", KERNEL=="eth*", NAME="lan0" -This command will create /etc/udev/rules.d/z25_persistent-net.rules containing: +Finally take down the interface (ifdown/ifconfig) and execute: -SUBSYSTEM=="net", DRIVER=="?*", SYSFS{address}=="00:00:00:00:00:04", NAME=wlan1 + # udevadm trigger --action=add --subsystem-match=net -See /usr/share/doc/udev/writing_udev_rules/index.html for more information. +so the interface will be renamed. (Rebooting or +unloading drivers/restart udev/loading drivers again +works as well of course.) + +Tags: udev, configuration, name, eth0, howto -- Change the suffix from *.sh to *.pl using zsh: @@ -1194,6 +1331,8 @@ Also take a look at make-ssl-cert (debconf wrapper for openssl): # /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/apache.pem and mod-ssl-makecert (utility to create SSL certificates in /etc/apache/ssl.*/). + +Tags: openssl, howto -- Change Windows NT password(s): @@ -1205,6 +1344,8 @@ Notice: if mounting the partition read-write did not work (check syslog!) try using mount.ntfs-3g instead: mount.ntfs-3g /dev/hda1 /mnt/hda1 (Be careful with deactivating syskey!) + +Tags: password, windows, recovery, chntpw, howto -- glark - replacement for grep written in Ruby: @@ -1231,11 +1372,15 @@ Scan using ATA Packet specific SCSI transport: Get specific information for /dev/ice: # cdrecord dev=/dev/ice -scanbus + +Tags: hardware, info, cd burn -- Create devices in /dev on udev: For example create md devices (/dev/md0, /dev/md1,...): # cd /dev ; WRITE_ON_UDEV=1 ./MAKEDEV md + +Tags: raid, device -- Identify network device (NIC): @@ -1252,6 +1397,8 @@ If your NIC shows some aging signs, you may want to be sure: Disable TCP/UDP checksums: # ethtool -K $DEVICE tx off + +Tags: configuration, network, device -- grml2hd seems to hang? Getting Squashfs errors? Problems while booting? @@ -1268,34 +1415,74 @@ Check your CD low-level via running: If the medium really is ok and it still fails try to boot with deactivated DMA via using grml nodma at the bootprompt. + +Tags: grml2hd, installation, verify, squashfs, error -- Write a Microsoft compatible boot record (MBR) using ms-sys -Write a Windows 2000/XP/2003 MBR to device: +Write a Windows 2000/XP/2003 MBR to a device: # ms-sys -m /dev/ice + +Notice: grab ms-sys from http://ms-sys.sourceforge.net/ - demo: + + wget http://surfnet.dl.sourceforge.net/sourceforge/ms-sys/ms-sys-2.1.3.tgz + unp ms-sys-2.1.3.tgz + cd ms-sys-2.1.3 + make + ./bin/ms-sys ... + +Tags: mbr, windows, ms-sys, recovery -- Use a Vodafone 3G Datacard (UMTS) with Linux: Plug in your vodafone card and check in syslog whether the appropriate -(probably /dev/ttyUSB0 or /dev/noz0 when using newer vodafone cards) has -been created. If so run: +(probably /dev/ttyUSB0 or /dev/noz0) has been created. If so run: -# gcom -d $DEVICE +# comgt -d $DEVICE # wvdial --config /etc/wvdial.conf.umts $PROFILE Usage examples: -# gcom -d /dev/ttyUSB0 +# comgt -d /dev/ttyUSB0 # wvdial --config /etc/wvdial.conf.umts a1usb -# gcom -d /dev/noz0 +# comgt -d /dev/noz0 # wvdial --config /etc/wvdial.conf.umts tmnozomi -# gcom -d /dev/noz0 +# comgt -d /dev/noz0 # wvdial --config /etc/wvdial.conf.umts dreiusb -Notice: newer vodafone cards require the nozomi driver. Run 'modprobe nozomi' on -your grml system. +# comgt -d /dev/ttyACM0 +# wvdial --config /etc/wvdial.conf.umts yesss + +If you receive invalid DNS nameservers when connecting, like: + +[...] +--> primary DNS address 10.11.12.13 +--> secondary DNS address 10.11.12.14 + +just provide a working nameserver to resolvconf via: + +# echo "nameserver 80.120.17.70" | resolvconf -a ppp0 + +Notice: some vodafone cards require the nozomi driver (run 'modprobe nozomi' on +your grml system), some other ones require the sierra driver (run +'modprobe sierra'). + +If your device isn't supported by usbserial yet, manually provide vendor and +product ID when loading the usbserial module. Usage example: + +% lsusb +[...] +Bus 004 Device 008: ID 1199:6813 Sierra Wireless, Inc. + +# modprobe usbserial vendor=0x1199 product=0x6813 + +To get a list of available providers execute: + +# comgt -s -d /dev/ttyUSB0 /etc/comgt/operator + +Tags: umts, 3g, vodafone, sierra, wvdial, ppp, howto -- hdparm - get/set hard disk parameters @@ -1308,6 +1495,8 @@ Request identification info directly from the drive: Perform timings of device + cache reads for benchmark and comparison purposes: # hdparm -tT /dev/ice + +Tags: hardware, performance, configuration, harddisk -- bonnie++ - program to test hard drive performance. @@ -1315,6 +1504,8 @@ bonnie++ - program to test hard drive performance. # mount /dev/ice /mnt/benchmark # chmod go+w /mnt/benchmark # bonnie -u grml -d /mnt/benchmark -s 2000M + +Tags: benchmark, harddisk -- Use gizmo with a bluetooth headset: @@ -1332,6 +1523,8 @@ Then running xawtv should work: Run apt-get with timeout of 3 seconds: # apt-get -o acquire::http::timeout=3 update + +Tags: apt-get -- Debian GNU/Linux device driver check page @@ -1357,10 +1550,14 @@ now install grub (usage example for /dev/sda1): # grub install root (hd0,0) setup (hd0) + +Tags: grml2hd, grub -- Install Ubuntu using grml: See https://wiki.ubuntu.com/Installation/FromKnoppix + +Tags: ubuntu, installation -- Resize ext2 / ext3 partition: @@ -1371,6 +1568,8 @@ Resize ext2 / ext3 partition: # fsck.ext2 -v -y -f /dev/iceX # check filesystem again # resize2fs -p /dev/iceX # resize it to maximum # tune2fs -j /dev/iceX # re-enable journal + +Tags: resize, ext2, ext3, ext4, partition, howto -- Tune ext2 / ext3 filesystem: @@ -1388,14 +1587,20 @@ Now run e2fsck with the -D option to have the directories optimized: Notice: since e2fsprogs (1.39-1) filesystems are created with directory indexing and on-line resizing enabled by default. + +Tags: configuration, ext2, ext3, ext4, partition -- Search for printers via network: # pconf_detect -m NETWORK -i 192.168.0.1/24 + +Tags: printer, network, scan -- Mount a remote directory via webdav (e.g. Mediacenter of GMX): # mount -t davfs https://mediacenter.gmx.net/ /mnt/test + +Tags: webdav, mount, mediacenter, gmx -- System-Profiling using oprofile: @@ -1416,6 +1621,8 @@ Then take a look at the reports using something like e.g.: # opreport -t 0.5 --exclude-dependent # opreport -t 0.5 /path/to/executable_to_check # opannotate -t 0.5 --source --assembly + +Tags: profile, profiling, opcontrol, howto -- Install ATI's fglrx driver for Xorg / X.org: @@ -1426,6 +1633,8 @@ After installing adjust xorg.conf via running: # aticonfig --initial --input=/etc/X11/xorg.conf For more information take a look at http://wiki.grml.org/doku.php?id=ati + +Tags: xorg, x11, driver, ati -- Install nvidia driver for Xorg / X.org: @@ -1435,11 +1644,15 @@ Usually there already exist drivers for the grml-system: Then switch from module nv to nvidia: # sed -i 's/Driver.*nv.*/Driver "nvidia"/' /etc/X11/xorg.conf + +Tags: xorg, x11, driver, nvidia -- glxgears - a GLX demo that draws three rotating gears To print frames per second (fps) use: % glxgears -printfps + +Tags: xorg, x11, glx, -- You forgot to boot with 'grml noeject noprompt' to avoid ejecting and prompting for CD removal when rebooting/halting @@ -1460,6 +1673,8 @@ If you want to avoid only the prompting part, run: or: # noprompt halt + +Tags: bootparam, fix, grml -- Mount wikipedia local via fuse: @@ -1489,6 +1704,8 @@ Mount it (/wiki must exist of course): Unmount via: % fusermount -u /wiki + +Tags: fuse, wikipedia, mount -- Remote notification on X via osd (on screen display): @@ -1542,6 +1759,8 @@ ForwardAgent yes Notice: if you get 'ABORT: Requested font not found' make sure the requested font is available, running 'LANG=C LC_ALL=C osd_server.py...' might help as well. + +Tags: osd, notification, ssh, network, port-forwarding -- Avoid automatical startup of init scripts via invoke-rc.d: @@ -1563,6 +1782,8 @@ If you want to disable automatical startup of newly installed packages To restore the default behaviour set EXITSTATUS back to '0' in /etc/policy-rc.d.conf. + +Tags: policy, init, script, invode-rc.d -- Install VMware-Tools for grml: @@ -1586,6 +1807,8 @@ modprobe vmxnet In an X terminal, launch the VMware Tools running: vmware-toolbox + +Tags: vmware, tool, vmware-toolbox, howto -- Some important Postfix stuff @@ -1641,6 +1864,8 @@ mode 1000 - sticky bit: - for files: not used - for directories: only the owner of a file can delete or rename the file + +Tags: postix, mailq, postsuper, queue, delete, smtp -- Create MySQL database @@ -1657,6 +1882,8 @@ grant all on grml.* to mika; Give a user access to the database (with password): grant all on grml.* to enrico identified by "PASSWORD"; + +Tags: mysql, database -- Setup an HTTPS website: @@ -1683,6 +1910,8 @@ Listen 443 and make sure the SSL module is used: # a2enmod ssl + +Tags: ssl, https, configuration, apache -- Useful Apache / Apache2 stuff @@ -1697,24 +1926,34 @@ Enable a site: Enable a module # a2enmod modulename + +Tags: apache, configuration -- Create tar archive and store it on remote machine: % tar zcf - /sourcedir | ssh user@targethost "cat >file.tgz" + +Tags: tar, backup, remote, network, ssh -- Pick out and displays images from network traffic: # driftnet + +Tags: remote, network, sniff, image -- Install Flash plugin: # dpkg-reconfigure flashplugin-nonfree + +Tags: flash, plugin -- To test a proxy, low level way: % telnet proxy 8080 [...] GET http://www.google.com HTTP/1.0 [press enter twice] + +Tags: proxy -- Adjust system for use of qemu with kqemu: @@ -1748,6 +1987,8 @@ Usage examples: # vmstat 1 # atsar -t 60 10 # dstat -af + +Tags: test, debug, information, hardware, statistic -- Using WPA for network setup manually: @@ -1755,10 +1996,14 @@ Using WPA for network setup manually: Adjust the options and configuration file to your needs. Also take a look at 'grml-network'. + +Tags: wireless, wpa, network, configuration -- Start X and lock console via exiting: % startx 2>~/.xsession-errors &| exit + +Tags: xorg, x11, startx, graphical -- Which process is writing to disk and/or causes the disk to spin up? @@ -1781,10 +2026,14 @@ which handles block_dump on its own. See: $KERNEL-SOURCE/Documentation/laptop-mode.txt Also take a look at event-viewer(8) which is part of grml-debugtools. + +Tags: debug, device, block, partition -- Install initrd via initramfs-tools for currently running kernel: # update-initramfs -c -t -k $(uname -r) + +Tags: initrd -- Install initrd via yaird for currently running kernel: @@ -1867,6 +2116,8 @@ mdadm --detail /dev/md0 | grep -e "Array Size" -e 'Device Size' # Last step - resize the filesystem (online again): resize2fs /dev/md0 + +Tags: raid, resize, raid5, mdadm -- ext3 online resizing: @@ -1905,6 +2156,8 @@ Notice: online resizing works as soon as the kernel can re-read the partition table. So it works for example with LVM and SW-RAID but not with a plain device (/dev/[sh]d*). The kernel does not re-read the partition table if the device is already mounted. + +Tags: resize, raid, lvm, ext2, ext3, ext4, raid1 -- Use vim as an outline editor: @@ -1920,6 +2173,8 @@ Monitor /tmp for changes: Monitor files/directories specified in /etc/iwatch.xml and send mail on changes: % iwatch + +Tags: inotify, watch, file, directory -- Some often used mdadm commands: @@ -1982,6 +2237,8 @@ Producing /etc/mdadm/mdadm.conf: See also: man mdadm | less -p "^EXAMPLES" http://www.tldp.org/HOWTO/Software-RAID-HOWTO.html + +Tags: raid, raid1, raid5, configuration, mdadm, howto -- A quick summary of the most commonly used RAID levels: @@ -1999,6 +2256,8 @@ RAID 30: A stripe across dedicated parity RAID systems RAID 100: A stripe of a stripe of mirrors -- http://en.wikipedia.org/wiki/RAID + +Tags: raid, raid1, raid5, raid01, raid10, raid100 -- Logical Volume Management (LVM) with Linux @@ -2055,6 +2314,8 @@ Remove logical volume: See also: man lvm http://www.tldp.org/HOWTO/LVM-HOWTO/ + +Tags: lvm, howto, pvcreate, lvcreate -- How to use APT locally @@ -2068,43 +2329,49 @@ dpkg-scansources debs | gzip > debs/Sources.gz echo " deb-src file:/root debs/" >> /etc/apt/sources.list See also: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html + +Tags: mirror, local -- Check filesystem's LABEL: generic way: -# vol_id -l /dev/sda1 +# blkid /dev/sda1 -ext2/3 without vol_id: +ext2/3 without blkid: # dumpe2fs /dev/sda1 | grep "Filesystem volume name" -xfs without vol_id: +xfs without blkid: # xfs_admin -l /dev/sda1 -reiserfs without vol_id: +reiserfs without blkid: # debugreiserfs /dev/sda1 | grep -i label -jfs without vol_id: +jfs without blkid: # jfs_tune -l /dev/sda1 | grep -i label -reiser4 without vol_id: +reiser4 without blkid: # debugfs.reiser4 /dev/sda1 | grep -i label + +Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, label -- Check filesystem's UUID: generic way: -# vol_id -u /dev/sda1 +# blkid /dev/sda1 -ext2/3 without vol_id: +ext2/3 without blkid: # dumpe2fs /dev/sda1 | grep -i UUID -xfs without vol_id: +xfs without blkid: # xfs_admin -u /dev/sda1 -reiserfs without vol_id: +reiserfs without blkid: # debugreiserfs /dev/sda1 | grep -i UUID -reiser4 without vol_id: +reiser4 without blkid: # debugfs.reiser4 /dev/sda1 | grep -i UUID + +Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs, uuid -- Change a filesystem's LABEL: @@ -2130,6 +2397,8 @@ fat/vfat: ntfs: # ntfslabel $LABEL /dev/sda1 + +Tags: filesystem, ext2, ext3, ext4, blkid, jfs, xfs -- Disable pdiffs feature of APT: @@ -2151,6 +2420,8 @@ Restore the backup using unzsplit: # unzsplit -D /dev/sda -d archiveofsda More usage examples: man zsplit + man unzsplit + +Tags: backup, reocvery, spllt, limit, howto -- Measure network performance using iperf: @@ -2167,6 +2438,8 @@ Server with 128k TCP window size: Client with running for 60 seconds and bidirectional test: % iperf -c -r -w128k -t60 + +Tags: network, benchmark -- Framebuffer resolutions: @@ -2209,6 +2482,8 @@ vga=0x... modes: Mode 0x0346: 1600x1200 (+3200), 16 bits Mode 0x034d: 1400x1050 (+2816), 16 bits Mode 0x035c: 1400x1050 (+5632), 24 bits + +Tags: framebuffer, resolution -- Portscan using netcat: @@ -2246,6 +2521,8 @@ To use apt-cacher on the router itself, add the following line to your /etc/apt/apt.conf: Acquire::http::Proxy "http://localhost:3142/"; + +Tags: proxy, debian, apt-get, howto -- Version control using Mercurial @@ -2297,8 +2574,6 @@ host2% hg merge # merge changes into your working directory Set up a CGI server on your webserver: % cp hgwebdir.cgi ~/public_html/hg/index.cgi % $EDITOR ~/public_html/hg/index.cgi # adjust the defaults - -Mercurial repositories of grml can be found at http://hg.grml.org/ -- Download binary codecs for mplayer: @@ -2325,6 +2600,8 @@ Server: Client: # netperf -t TCP_STREAM -H 192.168.0.41 + +Tags: benchmark, network -- Setup Xen within 20 minutes on Debian/grml @@ -2391,6 +2668,8 @@ xm list xm shutdown 1 This HowTo is also available online at http://grml.org/xen/ + +Tags: howto, xen, grml -- Play tetris with zsh: @@ -2419,6 +2698,8 @@ EOF Start dnsmasq finally: # Restart dnsmasq + +Tags: network, router, grml -- Display stats about memory allocations performed by a program: @@ -2553,6 +2834,8 @@ Further information: hwclock(8) tzselect(1) tzconfig(8) http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html http://wiki.debian.org/TimeZoneChanges + +Tags: timezone, rtc, configuration -- Recorder shellscript session using script: @@ -2561,7 +2844,7 @@ Recorder shellscript session using script: -- Test UTF-8 capabilities of terminal: -wget http://melkor.dnp.fmph.uniba.sk/~garabik/debian-utf8/download/UTF-8-demo.txt.gz +wget http://www.linux-cjk.net/Console/garabik/UTF-8-demo.txt.gz zcat UTF-8-demo.txt.gz or: @@ -2631,30 +2914,43 @@ and where grml is running: Then booting your client(s) via PXE should work without any further work. + +See: man grml-terminalserver + http://grml.org/terminalserver/ + +Tags: howto, pxe, network, boot -- Debugging SSL communications: -% openssl s_client -connect server.adress:993 +% openssl s_client -connect server.adress:993 > output_file +% openssl x509 -noout -text -in output_file or # ssldump -a -A -H -i eth0 See http://prefetch.net/articles/debuggingssl.html for more details. + +Tags: debug, ssl, openssl -- Remove bootmanager from MBR: # lilo -M /dev/hda -s /dev/null + +Tags: mbr, lilo -- Rewrite grub to MBR: # mount /mnt/sda1 # grub-install --recheck --no-floppy --root-directory=/mnt/sda1 /dev/sda + +Tags: mbr, grub -- Rewrite lilo to MBR: # mount /mnt/hda1 # lilo -r /mnt/hda1 + +Tags: mbr, lilo -- Create screenshot of plain/real console - tty1: @@ -2665,6 +2961,8 @@ Create screenshot when running X: % scrot Tip: use the gkrellshoot plugin when using gkrellm + +Tags: screenshot, xorg -- Redirect all connections to hostA:portA to hostB:portB, where hostA and hostB are different networks: @@ -2676,6 +2974,8 @@ iptables -t nat -A PREROUTING -p tcp --dport portA -j DNAT --to hostB:portB iptables -A FORWARD -i eth0 -o eth0 -d hostB -p tcp --dport portB -j ACCEPT iptables -A FORWARD -i eth0 -o eth0 -s hostB -p tcp --sport portB -j ACCEPT iptables -t nat -A POSTROUTING -p tcp -d hostB --dport portB -j SNAT --to-source hostA + +Tags: howto, network, redirect, port -- Flash BIOS without DOS/Windows: @@ -2697,7 +2997,7 @@ Enable shadow passwords: # shadowconfig on -- -Set up an IPv6 tunneln on grml: +Set up an IPv6 tunnel on grml: # ipv6-tunnel start -- @@ -2710,6 +3010,8 @@ Calculate with IPv6 addresses: % ipv6calc For usage examples refer to manpage ipv6calc(8). + +Tags: ipv6 -- Common network debugging tools for use with IPv6: @@ -2719,6 +3021,8 @@ Common network debugging tools for use with IPv6: % tracert6 % nc6 % tcpspray6 + +Tags: ipv6 -- Set up NFS (Network File System): @@ -2774,6 +3078,8 @@ Check what directories the server exports: On the client side you can use something like the following in /etc/fstab: 192.168.1.101:/backups /mnt/nfs nfs defaults,users,wsize=8192,rsize=8192 0 0 + +Tags: nfs, howto, network -- Mount a cloop file: @@ -2783,3 +3089,408 @@ Mount a cloop file: # modprobe cloop file=/path/to/cloop/file # mount -r -t iso9660 /dev/cloop /mnt/test -- +Create a PS/PDF of a plaintext file: + +% a2ps --medium A4dj -E -o output.ps input_file +% ps2pdf output.ps +-- +Print two pages on one in a PDF file: + +% pdfnup --nup 2x1 input.pdf + +Concatenate, extract pages/parts, encrypt/decrypt, +compress PDFs using 'pdftk'. +-- +Read a PS/PDF file on console: + +% pstotext file.pdf + +or on plain framebuffer console in graphical mode: + +% pdf2ps file.pdf ; ps2png file.ps file.png ; fbi file.png + +or + +% fbgs file.pdf +-- +Bypass the password of a PDF file: + +% gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf -c quit +-- +Record sound: + +% rec test.aiff + +This will record a AIFF audio file. +-- +Change passphrase / password of an existing SSH key: + +% ssh-keygen -p +-- +Enable syntax highlighting in nano: + +Just uncomment the include directives for your respective +language at the bottom of the file /etc/nanorc +-- +Create netboot package for grml-terminalserver: + +# bash /usr/share/doc/grml-terminalserver/examples/create-netboot +-- +To boot grml via network (PXE) check out grml-terminalserver: + +# grml-terminalserver + +See http://grml.org/terminalserver/ for more details. +-- +Rotate pictures: + +Using the 'Orientation' tag of the Exif header, rotate +the image so that it is upright: +% jhead -autorot *.jpg + +Manually rotate a picture: +% convert -rotate 270 input.jpg output.jpg +-- +Rename files based on the information inside their exif header: + +% jhead -n%Y-%m-%d_%Hh%M_%f *.jpg + +This will rename a file named img_2071.jpg to something like: + +2007-08-17_10h38_img_2071.jpg + +if it was shot at 10:38 o'clock on 2007-08-17 (according to +the information inside the exif header). +-- +Calculate network / netmask: + +Usage examples: +% ipcalc 10.0.0.28 255.255.255.0 +% ipcalc 10.0.0.0/24 +-- +Blacklist a kernel module: + +# blacklist + +-> running 'blacklist hostap_cs' for example will generate an +entry like this in /etc/modprobe.d/grml: + +blacklist hostap_cs +alias hostap_cs off + +To remove the module from the blacklist again just invoke: + +# unblacklist + +or manually remove the entry from /etc/modprobe.d/grml. +-- +Create a Debian package of a perl module: + +% dh-make-perl --cpan Acme::Smirch --build +-- +The Magic SysRq Keys (SysReq or Sys Req, short for System Request): + +To reboot your system using the SysRq keys just hold down the Alt and +SysRq (Print Screen) key while pressing the keys REISUB ("Raising +Elephants Is So Utterly Boring"). + +R = take the keyboard out of raw mode +E = terminates all processes (except init) +I = kills all processes (except init) +S = synchronizes the disk(s) +U = remounts all filesystems read-only +B = reboot the system + +Notice: use O instead of B for poweroff. + +Or write the sequence to /proc/sysrq-trigger instead: + +# for i in r e i s u b ; do echo $i > /proc/sysrq-trigger ; done + +To enable or disable SysRq calls: + +# echo 0 > /proc/sys/kernel/sysrq +# echo 1 > /proc/sys/kernel/sysrq + +See http://en.wikipedia.org/wiki/Magic_SysRq_key for more details. + +Tags: reboot, documentation, sysrq, magic +-- +Memtest / memcheck: + +Just boot your grml Live-CD with "memtest" to execute a memcheck/memtest +with Memtest86+. +-- +Tunnel TCP-Traffic through DNS using dns2tcp: + +Server-side: +~~~~~~~~~~~~ +1. Create necessary DNS-Records: +dnstun.example.com. 3600 IN NS host.example.com. +dnstun.example.com. 3600 IN A 192.168.1.1 +host.example.com. 3600 IN A 192.168.1.1 + +2. Configure dns2tcpd on host.example.com.: +# cat /etc/dns2tcpd.conf +listen = 192.168.1.1 #the ip dns2tcpd should listen on +port = 53 #" port " " " " +user = nobody +chroot = /tmp +domain = dnstun.example.com. # the zone as specified inside dns +ressources = ssh:127.0.0.1:22 # available resources + +3. Start the daemon: +# cat > /etc/default/dns2tcp << EOF +# Set ENABLED to 1 if you want the init script to start dns2tcpd. +ENABLED=1 +USER=nobody +EOF +# /etc/init.d/dns2tcp start + +Client-side: +~~~~~~~~~~~~ +You have two possibilities: +- Use the DNS inside your network (DNS must allow resolving for external domains) +# grep nameserver /etc/resolv.conf +nameserver 172.16.42.1 +# dns2tcpc -z dnstun.example.com 172.16.42.1 +Available connection(s) : + ssh +# dns2tcpc -r ssh -l 2222 -z dnstun.example.com 172.16.42.1 & +Listening on port : 2222 +# ssh localhost -p 2222 +user@host.example.com:~# + +- Directly contact the endpoint (port 53 UDP must be allowed outgoing) +# dns2tcpc -z dnstun.example.com dnstun.example.com +Available connection(s) : + ssh +# dns2tcpc -r ssh -l 2222 -z dnstun.example.com dnstun.example.com & +Listenning on port : 2222 +# ssh localhost -p 2222 +user@host.example.com:~# + +Notice: using 'ssh -D 8080 ..' you will get a socks5-proxy listening on +localhost:8080 which you can use to tunnel everything through your "dns-uplink". + +Tags: howto, network, tunnel +-- +Configure a MadWifi device for adhoc mode: + +Disable the autocreation of athX devices: +# echo "options ath_pci autocreate=none" > /etc/modprobe.d/madwifi + +Remove the autocreated device for now: +# wlanconfig ath0 destroy + +Configuration in /etc/network/interfaces: + +iface ath0 inet static + madwifi-base wifi0 + madwifi-mode adhoc + ... + +Hints: + - Do not use interface names without ending 0 (otherwise startup fails). + - Only chooss unique names for interfaces. +-- +Find dangling symlinks using zsh: + +% ls **/*(-@) +-- +Use approx with runit supervision +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Install the packages: +# apt-get install approx runit + +Add user approxlog for the logging daemon: +# adduser --system --home /nonexistent --no-create-home approxlog + +Create config directory: +# mkdir /etc/sv/approx + +Use /var/run/sv.approx as supervise directory: +# ln -s /var/run/sv.approx /etc/sv/approx/supervise + +# cat > /etc/sv/approx/run << EOF +#!/bin/sh +echo 'approx starting' +exec approx -f 2>&1 +EOF + +You normally do not need a logging service for approx because it logs +to syslog too. So just for completion: +# mkdir -p /etc/sv/approx/log +# ln -s /var/run/sv.approx.log /etc/sv/approx/log/supervise +# cat > /etc/sv/approx/log/run << EOF +#!/bin/sh +set -e +LOG="/var/log/approx" +test -d "$LOG" || mkdir -p -m2750 "$LOG" && chown approxlog:adm "$LOG" +exec chpst -uapproxlog svlogd -tt -v "$LOG" +EOF + +Now activate the new approx service (will be started within 5s): +# ln -s /etc/sv/approx/ /var/service/ + +Make approx managed via runit available via init-script interface: +# dpkg-divert --local --rename /etc/init.d/approx +# ln -s /usr/bin/sv /etc/init.d/approx +-- +Remote-reboot a grml system using SysRQ via /proc (execute as root): + +eject &>/dev/null +umount -l /cdrom +eject /dev/cdrom +echo b > /proc/sysrq-trigger + +Tags: reboot, howto, grml, network +-- +Show what happens on /dev/sda0: + +# mount the debugfs to relay kernel info to userspace +mount -t debugfs none /sys/kernel/debug + +# is a convenient wrapper arround blktrace and blkparse +btrace /dev/sda0 + +Tags: debug, block, partition, trace +-- +Convert Flash to Avi: + +% ffmpeg -i input.flv output.avi + +Extract MP3 from Flash file: + +% for i in *.flv; do ffmpeg -i $i -acodec copy ${i%.flv}.mp3 ; done +-- +Usage example for cryptsetup / -luks encrypted partition on LVM: + +volume group name: x61 +logical volume name: home + +echo "grml-crypt_home /dev/mapper/x61-home none luks" >> /etc/crypttab +Start cryptdisks +mount /dev/mapper/grml-crypt_home /mnt/test +-- +fdisk/parted/... complains with something like +'unable to open /dev/sda - unrecognised disk label'?! + +See http://grml.org/faq/#fdisk => + +* use /sbin/fdisk.distrib from util-linux +* switch to sfdisk, cfdisk,... +* use parted's mklabel command (but please read the + parted manual before executing this command) +-- +dmraid - support for SW-RAID / FakeRAID controllers +like Highpoint HPT and Promise FastTrack + +Activate all software RAID sets discovered: +# dmraid -ay + +Deactivates all active software RAID sets: +# dmraid -an + +Discover all software RAID devices supported on the system: +# dmraid -r +-- +Extract winmail.dat: + +List content: +% ytnef winmail.dat + +Extract files to current directory: +% ytnef -f . winmail.dat +-- +Approx - Debian package proxy/cacher howto + +% apt-get install approx +% echo 'debian http://ftp.de.debian.org/debian' >>/etc/approx/approx.conf +% Restart approx + +Add your new approx to sources.list + +eg. +deb http://localhost:9999/debian unstable main contrib non-free + +use approx in grml-debootstrap like: +% grml-debootstrap -r lenny -t /dev/sda1 -m http://127.0.0.1:9999/debian +-- +Simple webserver with python: + +% python -m SimpleHTTPServer +-- +Upgrade only packages from the grml-stable Debian repository: + +echo 'deb http://deb.grml.org/ grml-stable main' > /etc/apt/grml-stable.list +apt-get -o Dir::Etc::sourcelist=/etc/apt/grml-stable.list -o Dir::Etc::sourceparts=/doesnotexist update +apt-get upgrade +-- +Install Centos into a directory: + +% febootstrap centos-5 directory http://mirror.centos.org/centos-5/5.3/os/i386/ +-- +Install Fedora into a directory: + +% febootstrap fedora-11 target_directory +-- +Use Nessus / OpenVAS (remote network security auditor): + +Install software packages: +# apt-get update +# apt-get install openvas-client openvas-server openvas-plugins-base openvas-plugins-dfsg + +Add a user: +# openvas-adduser + +Start openvas server (takes a while): +# Start openvas-server + +Invoke client as user: +% OpenVAS-Client +-- +Find packages not available from any active apt repository: + +% apt-show-versions | awk '/No available version in archive/{print $1}' +-- +Simple mailserver with python: + +% python -m smtpd -n -c DebuggingServer localhost:1025 +-- +finger via netcat: + +echo $USER | nc $HOST 79 +-- +Install Archlinux using Grml: + +https://wiki.archlinux.org/index.php/Install_from_Existing_Linux +or +wget http://tokland.googlecode.com/svn/trunk/archlinux/arch-bootstrap.sh +-- +Export blockdevices via AoE (ATA over Ethernet): + +% vblade -m 11:22:33:44:55:66 160 2 eth0 /dev/sdb1 + +Allow the host with the mac address 11:22:33:44:55:66 to access /dev/sdb1 +via eth0, using the shelf and slot numbers 160 and 2. These numbers are +arbitrary but should be unique within the network. + +A word of warning: AoE is prone to all kind of nasty ethernet attacks, +especially arp spoofing. Do not use in hostile networks. + +Tags: aoe, blockdevice, export, server +-- +Access blockdevices via AoE (ATA over Ethernet): + +% sudo aoe-discover + +and the device should show up under /dev/etherd/. If your shelf and +slot numbers re 160 and 2 the device will be /dev/etherd/e160.2 + +A word of warning: AoE is prone to all kind of nasty ethernet attacks, +especially arp spoofing. Do not use in hostile networks. + +Tags: aoe, blockdevice, export, client +--